lease to MariaDB Server 10.5.9 or later, any user accounts with the REPLICATION CLIENT or REPLICATION SLAVE privileges will automatically be granted the new REPLICA MONITOR privilege. The privilege fix occurs when the server is started up, not when mariadb-upgrade is performed. However, when a database is upgraded from an early 10.5 minor release to 10.5.9 and later, the user will have to fix any user account privileges manually.

REPLICATION REPLICA
-------------------

Synonym for REPLICATION SLAVE. From MariaDB 10.5.1.

REPLICATION SLAVE
-----------------

Accounts used by replica servers on the primary need this privilege. This is needed to get the updates made on the master. From MariaDB 10.5.1, REPLICATION REPLICA is an alias for REPLICATION SLAVE.

REPLICATION SLAVE ADMIN
-----------------------

Permits administering replica servers, including START REPLICA/SLAVE, STOP REPLICA/SLAVE, CHANGE MASTER, SHOW REPLICA/SLAVE STATUS, SHOW RELAYLOG EVENTS statements, replaying the binary log with the BINLOG statement (generated by mariadb-binlog), and setting the system variables:

* gtid_cleanup_batch_size
* gtid_ignore_duplicates
* gtid_pos_auto_engines
* gtid_slave_pos
* gtid_strict_mode
* init_slave
* read_binlog_speed_limit
* relay_log_purge
* relay_log_recovery
* replicate_do_db
* replicate_do_table
* replicate_events_marked_for_skip
* replicate_ignore_db
* replicate_ignore_table
* replicate_wild_do_table
* replicate_wild_ignore_table
* slave_compressed_protocol
* slave_ddl_exec_mode
* slave_domain_parallel_threads
* slave_exec_mode
* slave_max_allowed_packet
* slave_net_timeout
* slave_parallel_max_queued
* slave_parallel_mode
* slave_parallel_threads
* slave_parallel_workers
* slave_run_triggers_for_rbr
* slave_sql_verify_checksum
* slave_transaction_retry_interval
* slave_type_conversions
* sync_master_info
* sync_relay_log
* sync_relay_log_info

Added in MariaDB 10.5.2.
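
The replication privileges described above, split across separate least-privilege accounts and followed by the manual post-upgrade fix. This is an added example, not taken from the MariaDB documentation; the account names, host pattern and password placeholder are constructed, and MariaDB 10.5.9 or later is assumed.

```sql
-- Added example. Account names, the 10.0.0.% host pattern and the password
-- placeholder are constructed; run as an account allowed to CREATE USER and GRANT.

-- 1. On the primary: the account a replica connects with.
--    REPLICATION SLAVE is all it needs to fetch the primary's updates.
CREATE USER IF NOT EXISTS 'repl'@'10.0.0.%' IDENTIFIED BY 'REPLACE_WITH_SECRET';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'10.0.0.%';

-- 2. On the replica: the operator who runs START/STOP REPLICA and CHANGE MASTER
--    and sets variables such as gtid_strict_mode or slave_parallel_threads.
CREATE USER IF NOT EXISTS 'repl_ops'@'10.0.0.%' IDENTIFIED BY 'REPLACE_WITH_SECRET';
GRANT REPLICATION SLAVE ADMIN ON *.* TO 'repl_ops'@'10.0.0.%';

-- 3. On the replica: a monitoring agent that only reads replication status.
CREATE USER IF NOT EXISTS 'repl_mon'@'10.0.0.%' IDENTIFIED BY 'REPLACE_WITH_SECRET';
GRANT REPLICA MONITOR ON *.* TO 'repl_mon'@'10.0.0.%';

-- 4. Audit after an upgrade from an early 10.5 minor release: list every
--    account holding REPLICATION SLAVE, then compare against SHOW GRANTS to
--    see which of them still lack REPLICA MONITOR.
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
  FROM information_schema.USER_PRIVILEGES
 WHERE PRIVILEGE_TYPE = 'REPLICATION SLAVE'
 ORDER BY GRANTEE;

-- 5. Manual fix for an account found in step 4 that needs to read
--    replication status: grant the privilege explicitly.
GRANT REPLICA MONITOR ON *.* TO 'repl'@'10.0.0.%';

-- 6. Verify the resulting global privileges for each account.
SHOW GRANTS FOR 'repl'@'10.0.0.%';
SHOW GRANTS FOR 'repl_ops'@'10.0.0.%';
SHOW GRANTS FOR 'repl_mon'@'10.0.0.%';
```
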
SET USER
--------

Enables setting the DEFINER when creating triggers, views, stored functions and stored procedures. Added in MariaDB 10.5.2.

SHOW DATABASES
--------------

List all databases using the SHOW DATABASES statement. Without the SHOW DATABASES privilege, you can still issue the SHOW DATABASES statement, but it will only list databases containing tables on which you have privileges.

SHUTDOWN
--------

Shut down the server using SHUTDOWN or the mariadb-admin shutdown command.

SUPER
-----

Execute superuser statements: CHANGE MASTER TO, KILL (users who do not have this privilege can only KILL their own threads), PURGE LOGS, SET global system variables, or the mariadb-admin debug command. This privilege also allows the user to write data even if the read_only startup option is set, enable or disable logging, enable or disable replication on a replica, specify a DEFINER for statements that support that clause, and connect once even after MAX_CONNECTIONS has been reached. If a statement has been specified for the init-connect mysqld option, that command will not be executed when a user with SUPER privileges connects to the server.

The SUPER privilege has been split into multiple smaller privileges from MariaDB 10.5.2 to allow for more fine-grained privileges (MDEV-21743). The privileges are:

* SET USER
* FEDERATED ADMIN
* CONNECTION ADMIN
* REPLICATION SLAVE ADMIN
* BINLOG ADMIN
* BINLOG REPLAY
* REPLICA MONITOR
* BINLOG MONITOR
* REPLICATION MASTER ADMIN
* READ_ONLY ADMIN

However, the smaller privileges are still a part of the SUPER grant in MariaDB 10.5.2. From MariaDB 11.0.1 onwards, these grants are no longer a part of SUPER and need to be granted separately (MDEV-29668).

From MariaDB 10.11.0, the READ_ONLY ADMIN privilege has been removed from SUPER. The benefit of this is that one can remove the READ_ONLY ADMIN privilege from all users and ensure that no one can make any changes on any non-temporary tables.
This is useful on replicas when one wants to ensure that the replica is kept identical to the primary (MDEV-29596).

Database Privileges
-------------------

The following table lists the privileges that can be granted at the databa