From 5022c3182d5c67cb0f13cfb121dcb9ef8fd2d6a9 Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Mon, 11 Dec 2023 17:02:27 +0100
Subject: [PATCH] Reduce privileges for SST-user

https://mariadb.com/kb/en/mariabackup-sst-method/#authentication-and-privileges

Only a sub-set is required for SST to function
---
 roles/galera/tasks/cluster_nodes.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/galera/tasks/cluster_nodes.yml b/roles/galera/tasks/cluster_nodes.yml
index a2801649c..43786d41d 100644
--- a/roles/galera/tasks/cluster_nodes.yml
+++ b/roles/galera/tasks/cluster_nodes.yml
@@ -215,7 +215,7 @@
   mysql_user:
     name: "{{ mariadb_cluster_user }}"
     password: "{{ mariadb_cluster_password }}"
-    priv: "*.*:ALL"
+    priv: "*.*:GRANT RELOAD,PROCESS,LOCK TABLES,REPLICATION CLIENT ON"
     state: present
     login_user: root
     login_password: "{{ mariadb_root_password  }}"