Closed DanielZhangQD closed 2 years ago
Lightning must be able to read the global variable @@tidb_row_format_version
. IMO SEM is all right to prevent writing to the variable, but should not restrict reading it.
For now to workaround this issue, the user running Lightning should be granted RESTRICTED_VARIABLES_ADMIN privilege.
@SunRunAway what do you think about relaxing the privilege requirement on tidb_row_format_version
?
I think the app developer rarely needs to know tidb_row_format_version
. So IMO keeping tidb_row_format_version
as protected and let Lightning get RESTRICTED_VARIABLES_ADMIN
is fine when SEM is enabled.
So I do not think it is a bug of TiDB. We just need to document the list of privileges that lightning requires when SEM is enabled in the documentation describing SEM. @kennytm @DanielZhangQD Are you ok with it?
@SunRunAway It is OK for Lightning.
(The variable is used just for Local backend, and with Local backend the user needs to have direct access to PD and TiKV. Given the direct access a malicious user can just spawn their own TiDB instance with all restriction removed anyway.)
Though IMO most of the hidden variables have no security consequence by making them read-only. The only variables which absolutely must be hidden from the list is just @@tidb_config
, and maybe @@tidb_slow_query_file
too.
Yes. We can either keep them hidden or read-only. I think both make sense. So I'd like to keep it hidden from the app developer unless some unrefusable reasons come.
@SunRunAway @kennytm Is there a conclution for this issue?
The current design and code is ok. It is better to document the list of privileges that lightning requires when SEM is enabled.
@morgo Seems there is little document for SEM feature in tidb's document? So do we need to add extra note in tidb-lightning's privilege requirement or just leave it as it is. PTAL
@glorv SEM is mostly for our own internal usage, so it is something we can leave as is for now. But in future the plan is to list all of the privileges that TiDB supports and what they control. Once this is added, each statement reference page should also ideally refer back to the privileges it requires.
@glorv SEM is mostly for our own internal usage, so it is something we can leave as is for now. But in future the plan is to list all of the privileges that TiDB supports and what they control. Once this is added, each statement reference page should also ideally refer back to the privileges it requires.
Thanks for the reply. I will close this issue since there is nothing to do currently.
Please check whether the issue should be labeled with 'affects-x.y' or 'fixes-x.y.z', and then remove 'needs-more-info' label.
This issue do not affect any version as it's expected behaviour.
Bug Report
Please answer these questions before submitting your issue. Thanks!
1. Minimal reproduce step (Required)
Deploy TiDB cluster and set
security.enable-sem = true
for TiDB. Import data with Lightning with local backend2. What did you expect to see? (Required)
Import succeeds
3. What did you see instead (Required)
4. What is your TiDB version? (Required)
v5.2.0