Scott Canaan <srcdco@rit.edu> writes:
Thank you. I found SUPER, but was trying to avoid using it as it gives too many privileges. I was looking for something more fine-grained.
Maybe you can define a stored procedure with SQL SECURITY DEFINER (and a DEFINER with the SUPER privilege) that sets the desired syslog global system variables. Then you can grant the ITS_READ account access to the stored procedure, which will give access only to set the syslog configuration.

Hope this helps,

 - Kristian.
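
The stored-procedure approach suggested above, applied to the four SET GLOBAL statements from the original question. This is an added example, not part of the original message and not MariaDB project code. The database `audit_admin`, the account `audit_definer`, the procedure name `enable_syslog_audit` and the `'%'` host part of ITS_READ are assumptions; the server_audit plugin is assumed to be installed already.

```sql
-- Run from the mariadb client as an administrative account that is allowed
-- to create routines with a DEFINER other than itself.
-- Hypothetical names: audit_admin, audit_definer, enable_syslog_audit.

CREATE DATABASE IF NOT EXISTS audit_admin;

-- Definer account: holds SUPER, but is locked so nobody can log in as it.
-- Locking only blocks new client connections.
CREATE USER IF NOT EXISTS 'audit_definer'@'localhost' ACCOUNT LOCK;
GRANT SUPER ON *.* TO 'audit_definer'@'localhost';

DELIMITER //
CREATE DEFINER = 'audit_definer'@'localhost'
PROCEDURE audit_admin.enable_syslog_audit()
  SQL SECURITY DEFINER
  COMMENT 'Points server_audit at syslog with fixed settings'
BEGIN
  -- No parameters: the caller cannot choose which variables are set or
  -- which values they get, so SUPER is exposed only for these four lines.
  SET GLOBAL server_audit_output_type = 'SYSLOG';
  SET GLOBAL server_audit_logging = 1;
  SET GLOBAL server_audit_syslog_facility = 'LOG_LOCAL2';
  SET GLOBAL server_audit_events = 'connect,table,query_ddl,query_dcl';
END //
DELIMITER ;

-- The definer itself needs EXECUTE on the routine, because privileges are
-- re-checked after the switch to the definer's security context.
GRANT EXECUTE ON PROCEDURE audit_admin.enable_syslog_audit
  TO 'audit_definer'@'localhost';

-- The low-privilege account gets EXECUTE on this one routine and nothing else.
-- Replace '%' with the host part the ITS_READ account is actually defined with.
GRANT EXECUTE ON PROCEDURE audit_admin.enable_syslog_audit
  TO 'ITS_READ'@'%';

-- Checks, as the administrator:
SHOW GRANTS FOR 'ITS_READ'@'%';                 -- must not list SUPER
SHOW CREATE PROCEDURE audit_admin.enable_syslog_audit;

-- Then, connected as ITS_READ:
--   CALL audit_admin.enable_syslog_audit();
--   SHOW GLOBAL VARIABLES LIKE 'server_audit%';
--   SET GLOBAL server_audit_logging = 0;       -- expected: access denied
```

Anyone who can alter or replace this routine can run statements with SUPER, so CREATE ROUTINE and ALTER ROUTINE on `audit_admin` should stay with administrators only.
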
On Apr 06, Scott Canaan wrote:
We are on MariaDB 10.5.18. There is a requirement to send all syslog data to a central syslog server. In the past, we did it using a login called ITS_READ. It has limited privs on purpose, but used to be able to execute the SET GLOBAL statements that we needed. Those statements are:
SET GLOBAL server_audit_output_type=SYSLOG;
SET GLOBAL server_audit_logging=1;
SET GLOBAL server_audit_syslog_facility=LOG_LOCAL2;
SET GLOBAL server_audit_events="connect,table,query_ddl,query_dcl";