Scott Canaan <[email protected]> writes: > Thank you. I found SUPER, but was trying to avoid using it as it > gives too many privileges. I was looking for something more > fine-grained.
Maybe you can define a stored procedure with SQL SECURITY DEFINER (and a DEFINER with the SUPER priviledge) that sets the desired syslog global system variables. Then you can grant the ITS_READ account access to the stored procedure, which will give access only to set the syslog configuration. Hope this helps, - Kristian. > On Apr 06, Scott Canaan wrote: >> We are on MariaDB 10.5.18. There is a requirement to send all syslog >> data to a central syslog server. In the past, we did it using a login >> called ITS_READ. It has limited privs on purpose, but used to be able >> to execute the SET GLOBAL statements that we needed. Those statements >> are: >> >> SET GLOBAL server_audit_output_type=SYSLOG; SET GLOBAL >> server_audit_logging=1; SET GLOBAL >> server_audit_syslog_facility=LOG_LOCAL2; >> SET GLOBAL server_audit_events="connect,table,query_ddl,query_dcl"; _______________________________________________ Mailing list: https://launchpad.net/~maria-discuss Post to : [email protected] Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp
