Skip to content

Remove PROCESS privilege requirement for MySQL source in DM #12015

Open
@alastori

Description

Is your feature request related to a problem?

Currently, DM requires PROCESS privilege for MySQL sources, but initial investigation suggests this might not be necessary. This requirement adds extra security overhead and should be removed if not essential for DM's operation. It is also not part of the requirements in the documentation.

Describe the feature you'd like

  • DM currently shows a warning when the MySQL user lacks PROCESS privilege
  • The warning appears in the dumper_conn_number_checker which checks if connection concurrency exceeds database's maximum connection limit
  • Initial investigation by engineering lead suggests this privilege might not be necessary

Current Behavior
When running DM without PROCESS privilege, the following warning appears:

{
    "id": 0,
    "name": "dumper_conn_number_checker",
    "desc": "check if connetion concurrency exceeds database's maximum connection limit",
    "state": "warn",
    "errors": [
        {
            "severity": "warn",
            "short_error": "lack of Process global (*.*) privilege; "
        }
    ]
}

How to reproduce

  • MySQL Version: 8.0.40
  • DM Version: v8.5.0
  • Command tested: tiup dmctl check-task and tiup dmctl start-task

More details:
This issue was identified during the documentation review of the quick start guide. Removing unnecessary privileges will improve security posture and simplify setup requirements.
https://github.com/pingcap/docs/blob/0c69e8a87585d5269c9e6a596f1ad3dab4fe0063/dm/quick-start-with-dm.md

Describe alternatives you've considered

The warning disappears if the user grants the PROCESS privilege.

Teachability, Documentation, Adoption, Migration Strategy

No response

Metadata

Assignees

No one assigned

    Labels

    type/featureIssues about a new feature

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions