Skip to content

dm: add LOCK TABLES privilege note for managed MySQL sources#21467

Merged
ti-chi-bot[bot] merged 2 commits intopingcap:masterfrom
qiancai:translate/fix/dm-lock-tables-managed-mysql
Apr 16, 2026
Merged

dm: add LOCK TABLES privilege note for managed MySQL sources#21467
ti-chi-bot[bot] merged 2 commits intopingcap:masterfrom
qiancai:translate/fix/dm-lock-tables-managed-mysql

Conversation

@qiancai
Copy link
Copy Markdown
Collaborator

@qiancai qiancai commented Mar 26, 2026

This PR is translated from: pingcap/docs#22605

What is changed, added or deleted?

Added conditional LOCK TABLES privilege documentation for managed MySQL sources (Amazon RDS, Aurora, Google Cloud SQL) across three DM docs pages.

Background: DM defaults to consistency=auto. On managed MySQL where FLUSH TABLES WITH READ LOCK is restricted by the cloud provider, DM falls back to LOCK TABLES. This privilege is not needed on self-managed MySQL instances. Confirmed with @GMHDBJD (Minghao Guo): the FTWRL → LOCK TABLES fallback in auto mode is by design.

Changes:

  • dm/dm-precheck.md: Clarified that LOCK TABLES is needed for auto fallback on managed MySQL, not just flush/lock
  • dm/dm-worker-intro.md: Added LOCK TABLES to privilege table with managed-MySQL scope note; added conditional GRANT example
  • dm/quick-start-with-dm.md: Added note pointing to dm-worker-intro for managed MySQL sources (×2 instances)

Evidence: Lab-06: LOCK TABLES privilege testing (9 scenarios, vanilla MySQL vs RDS)

Related:

Which TiDB version(s) do your changes apply to?

  • master (dev)
  • v8.5 (LTS)

cc @GMHDBJD @qiancai @OliverS929

@qiancai qiancai added needs-cherry-pick-release-8.5 Should cherry pick this PR to release-8.5 branch. translation/from-docs This PR is translated from a PR in pingcap/docs. labels Mar 26, 2026
@ti-chi-bot ti-chi-bot bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Mar 26, 2026
qiancai
qiancai commented Mar 26, 2026
View reviewed changes
Comment thread dm/dm-worker-intro.md Outdated
qiancai
qiancai commented Mar 26, 2026
View reviewed changes
Comment thread dm/dm-precheck.md Outdated
qiancai
qiancai commented Mar 26, 2026
View reviewed changes
Comment thread dm/dm-precheck.md Outdated
qiancai
qiancai commented Mar 26, 2026
View reviewed changes
Comment thread dm/dm-worker-intro.md Outdated
Comment thread dm/dm-worker-intro.md Outdated
Comment thread dm/quick-start-with-dm.md Outdated
Comment thread dm/quick-start-with-dm.md Outdated
@qiancai qiancai self-assigned this Mar 26, 2026
@hfxsd hfxsd self-requested a review March 26, 2026 02:43
hfxsd
hfxsd reviewed Mar 26, 2026
View reviewed changes
Comment thread dm/dm-precheck.md Outdated
@@ -67,8 +67,12 @@ tiup dmctl check-task ./task.yaml
* (必须)上游数据库的 dump 权限

- 检查是否有 INFORMATION_SCHEMA 和 dump 表的 SELECT 权限。
Copy link
Copy Markdown
Collaborator

@hfxsd hfxsd Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- 检查是否有 INFORMATION_SCHEMA 和 dump 表的 SELECT 权限。
- 检查是否有 `INFORMATION_SCHEMA` 和 dump 表的 `SELECT` 权限。

hfxsd
hfxsd reviewed Mar 26, 2026
View reviewed changes
Comment thread dm/dm-precheck.md Outdated
- 检查是否有 INFORMATION_SCHEMA 和 dump 表的 SELECT 权限。
- 如果 consistency=flush,将检查是否有 RELOAD 权限。
- 如果 consistency=flush/lock,将检查是否有 dump 表的 LOCK TABLES 权限。
- 如果 `consistency=flush`,将检查是否有 RELOAD 权限。
Copy link
Copy Markdown
Collaborator

@hfxsd hfxsd Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- 如果 `consistency=flush`,将检查是否有 RELOAD 权限。
- 如果 `consistency=flush`,将检查是否有 `RELOAD` 权限。

hfxsd
hfxsd reviewed Mar 26, 2026
View reviewed changes
Comment thread dm/dm-precheck.md Outdated

> **注意:**
>
> 当 `consistency=auto`(默认值)时,DM 会首先尝试执行 `FLUSH TABLES WITH READ LOCK`(FTWRL)。如果 FTWRL 不可用,DM 会回退使用 `LOCK TABLES`。这种回退在托管型 MySQL 服务中较为常见(例如 Amazon RDS、Aurora、ApsaraDB RDS for MySQL、Azure Database for MySQL 和 Google Cloud SQL),因为这些服务通常不允许执行 FTWRL。在这种情况下,运行时需要具备 `LOCK TABLES` 权限,但当前的 precheck 并不会验证该权限。完整的权限列表,请参见[上游数据库用户权限](/dm/dm-worker-intro.md#上游数据库用户权限)。
Copy link
Copy Markdown
Collaborator

@hfxsd hfxsd Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
> 当 `consistency=auto`(默认值)时,DM 会首先尝试执行 `FLUSH TABLES WITH READ LOCK`FTWRL。如果 FTWRL 不可用,DM 会回退使用 `LOCK TABLES`。这种回退在托管型 MySQL 服务中较为常见(例如 Amazon RDS、Aurora、ApsaraDB RDS for MySQL、Azure Database for MySQL 和 Google Cloud SQL),因为这些服务通常不允许执行 FTWRL。在这种情况下,运行时需要具备 `LOCK TABLES` 权限,但当前的 precheck 并不会验证该权限。完整的权限列表,请参见[上游数据库用户权限](/dm/dm-worker-intro.md#上游数据库用户权限)。
> 当 `consistency=auto`(默认值)时,DM 会首先尝试执行 `FLUSH TABLES WITH READ LOCK` (FTWRL)。如果 FTWRL 不可用,DM 会回退使用 `LOCK TABLES`。这种回退在托管型 MySQL 服务中较为常见(例如 Amazon RDS、Aurora、ApsaraDB RDS for MySQL、Azure Database for MySQL 和 Google Cloud SQL),因为这些服务通常不允许执行 FTWRL。在这种情况下,运行时需要具备 `LOCK TABLES` 权限,但当前的 precheck 并不会验证该权限。完整的权限列表,请参见[上游数据库用户权限](/dm/dm-worker-intro.md#上游数据库用户权限)。

hfxsd
hfxsd reviewed Mar 26, 2026
View reviewed changes
Comment thread dm/dm-worker-intro.md Outdated

> **注意:**
>
> 如果从托管型 MySQL 服务(例如 Amazon RDS、Aurora、ApsaraDB RDS for MySQL、Azure Database for MySQL 或 Google Cloud SQL)迁移数据,且该服务不允许执行 `FLUSH TABLES WITH READ LOCK`(FTWRL),还需要授予 `LOCK TABLES` 权限。使用默认的 `consistency=auto` 设置时,如果 FTWRL 不可用,DM 会回退到 `LOCK TABLES`。
Copy link
Copy Markdown
Collaborator

@hfxsd hfxsd Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
> 如果从托管型 MySQL 服务(例如 Amazon RDS、Aurora、ApsaraDB RDS for MySQL、Azure Database for MySQL 或 Google Cloud SQL)迁移数据,且该服务不允许执行 `FLUSH TABLES WITH READ LOCK`FTWRL,还需要授予 `LOCK TABLES` 权限。使用默认的 `consistency=auto` 设置时,如果 FTWRL 不可用,DM 会回退到 `LOCK TABLES`
> 如果从托管型 MySQL 服务(例如 Amazon RDS、Aurora、ApsaraDB RDS for MySQL、Azure Database for MySQL 或 Google Cloud SQL)迁移数据,且该服务不允许执行 `FLUSH TABLES WITH READ LOCK` (FTWRL),还需要授予 `LOCK TABLES` 权限。使用默认的 `consistency=auto` 设置时,如果 FTWRL 不可用,DM 会回退到 `LOCK TABLES`

hfxsd
hfxsd reviewed Mar 26, 2026
View reviewed changes
Comment thread dm/dm-worker-intro.md Outdated
GRANT SELECT ON db1.* TO 'your_user'@'your_wildcard_of_host';
```

如果从不允许执行 `FLUSH TABLES WITH READ LOCK`(FTWRL)的托管型 MySQL 服务迁移数据,还需要授予 `LOCK TABLES` 权限:
Copy link
Copy Markdown
Collaborator

@hfxsd hfxsd Mar 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
如果从不允许执行 `FLUSH TABLES WITH READ LOCK`FTWRL的托管型 MySQL 服务迁移数据,还需要授予 `LOCK TABLES` 权限:
如果从不允许执行 `FLUSH TABLES WITH READ LOCK` (FTWRL) 的托管型 MySQL 服务迁移数据,还需要授予 `LOCK TABLES` 权限:

@ti-chi-bot ti-chi-bot bot added the needs-1-more-lgtm Indicates a PR needs 1 more LGTM. label Mar 26, 2026
@ti-chi-bot
Copy link
Copy Markdown

ti-chi-bot bot commented Mar 26, 2026

[LGTM Timeline notifier]

Timeline:

  • 2026-03-26 13:03:04.322744981 +0000 UTC m=+446180.358815251: ☑️ agreed by hfxsd.

@qiancai qiancai force-pushed the translate/fix/dm-lock-tables-managed-mysql branch from 20fe9cd to 1cdabab Compare March 27, 2026 10:51
@ti-chi-bot ti-chi-bot bot added area/develop This PR relates to the area of TiDB App development. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 27, 2026
@qiancai qiancai force-pushed the translate/fix/dm-lock-tables-managed-mysql branch from 1cdabab to bf6c7a6 Compare April 16, 2026 03:24
@ti-chi-bot ti-chi-bot bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Apr 16, 2026
qiancai
qiancai commented Apr 16, 2026
View reviewed changes
Comment thread dm/dm-precheck.md Outdated
qiancai
qiancai commented Apr 16, 2026
View reviewed changes
Comment thread dm/quick-start-with-dm.md Outdated
qiancai
qiancai commented Apr 16, 2026
View reviewed changes
Comment thread dm/dm-worker-intro.md Outdated
qiancai
qiancai commented Apr 16, 2026
View reviewed changes
Comment thread dm/dm-worker-intro.md Outdated
qiancai
qiancai commented Apr 16, 2026
View reviewed changes
Comment thread dm/quick-start-with-dm.md Outdated
@qiancai qiancai added the lgtm label Apr 16, 2026
@qiancai
Copy link
Copy Markdown
Collaborator Author

qiancai commented Apr 16, 2026

/approve

@ti-chi-bot
Copy link
Copy Markdown

ti-chi-bot bot commented Apr 16, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: qiancai

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ti-chi-bot ti-chi-bot bot added the approved label Apr 16, 2026
@ti-chi-bot ti-chi-bot bot merged commit 9fae989 into pingcap:master Apr 16, 2026
11 checks passed
@ti-chi-bot
Copy link
Copy Markdown
Member

ti-chi-bot commented Apr 16, 2026

In response to a cherrypick label: new pull request created to branch release-8.5: #21558.

@ti-chi-bot ti-chi-bot mentioned this pull request Apr 16, 2026
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hfxsd hfxsd hfxsd approved these changes

Assignees

@qiancai qiancai

Labels

approved area/develop This PR relates to the area of TiDB App development. lgtm needs-1-more-lgtm Indicates a PR needs 1 more LGTM. needs-cherry-pick-release-8.5 Should cherry pick this PR to release-8.5 branch. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. translation/from-docs This PR is translated from a PR in pingcap/docs.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@qiancai @ti-chi-bot @hfxsd