- Release Notes
- Product Introduction
- Purchase Guide
- Quick Start
- Preparations
- NewDTS
- Databases Supported by Data Migration
- Migration from MySQL to TencentDB for MySQL
- Migration from MariaDB or Percona to TencentDB for MySQL
- Migration from MySQL to TDSQL for MySQL
- Migration from MySQL to TencentDB for MariaDB (Percona)
- Migration from PostgreSQL to TencentDB for PostgreSQL
- Migration from MongoDB to TencentDB for MongoDB
- Migration from SQL Server to TencentDB for SQL Server
- Offline Migration of MySQL Data
- Task Management
- Creating Data Consistency Check Task
- Data Sync
- Data Subscription Kafka Edition
- Data Subscription (Legacy)
- Data Migration (Legacy)
- MySQL Data Migration
- Migrating from Public Network-based External MySQL to TencentDB for MySQL
- Migrating from External MySQL Based on Direct Connect/VPN Gateway to TencentDB for MySQL
- Migrating from CCN-based Self-created MySQL to TencentDB for MySQL
- Migrating from AWS RDS for MySQL to TencentDB for MySQL
- Migrating from AWS Aurora for MySQL to TencentDB for MySQL
- Migrating from Alibaba Cloud RDS for MySQL to TencentDB for MySQL
- Migrating from Alibaba Cloud PolarDB for MySQL to TencentDB for MySQL
- Migration between TencentDB for MySQL Instances
- Online Import of MySQL Data
- Offline Migration of MySQL Data
- Migrating from Alibaba Cloud ApsaraDB for RDS to TencentDB
- Redis Data Migration
- MongoDB Data Migration
- MariaDB Data Migration
- MySQL Data Migration
- Fix for Verification Failure
- Check Item Overview
- Database Connection Check
- Peripheral Check
- Version Check
- Source Database Permission Check
- Partial Database Parameter Check
- Target Database Content Conflict Check
- Target Database Space Check
- Binlog Parameter Check
- Foreign Key Dependency Check
- View Check
- Warning Item Check
- RDS Check
- DLL Ring Sync Check for Single Database/Table Object
- DLL Sync Conflict Check for Single Database/Table Object in the Same Target
- Parameter Configuration Conflict Check
- Incremental Migration Precondition Check
- Extension/Plugin Compatibility Check
- Account Conflict Check
- Oplog Check
- Source Database Balancer Check
- Source Database Node Role Check
- ShardKey Check
- Target Database Load Check
- Local Disk Space Check
- Source Database Existence Check
- Target Database Existence Check
- Migration Network Check
- Cutover Description
- Connection to Cloud Monitor
- Best Practices
- API Documentation
- SDK Documentation
- FAQs
- Release Notes
- Product Introduction
- Purchase Guide
- Quick Start
- Preparations
- NewDTS
- Databases Supported by Data Migration
- Migration from MySQL to TencentDB for MySQL
- Migration from MariaDB or Percona to TencentDB for MySQL
- Migration from MySQL to TDSQL for MySQL
- Migration from MySQL to TencentDB for MariaDB (Percona)
- Migration from PostgreSQL to TencentDB for PostgreSQL
- Migration from MongoDB to TencentDB for MongoDB
- Migration from SQL Server to TencentDB for SQL Server
- Offline Migration of MySQL Data
- Task Management
- Creating Data Consistency Check Task
- Data Sync
- Data Subscription Kafka Edition
- Data Subscription (Legacy)
- Data Migration (Legacy)
- MySQL Data Migration
- Migrating from Public Network-based External MySQL to TencentDB for MySQL
- Migrating from External MySQL Based on Direct Connect/VPN Gateway to TencentDB for MySQL
- Migrating from CCN-based Self-created MySQL to TencentDB for MySQL
- Migrating from AWS RDS for MySQL to TencentDB for MySQL
- Migrating from AWS Aurora for MySQL to TencentDB for MySQL
- Migrating from Alibaba Cloud RDS for MySQL to TencentDB for MySQL
- Migrating from Alibaba Cloud PolarDB for MySQL to TencentDB for MySQL
- Migration between TencentDB for MySQL Instances
- Online Import of MySQL Data
- Offline Migration of MySQL Data
- Migrating from Alibaba Cloud ApsaraDB for RDS to TencentDB
- Redis Data Migration
- MongoDB Data Migration
- MariaDB Data Migration
- MySQL Data Migration
- Fix for Verification Failure
- Check Item Overview
- Database Connection Check
- Peripheral Check
- Version Check
- Source Database Permission Check
- Partial Database Parameter Check
- Target Database Content Conflict Check
- Target Database Space Check
- Binlog Parameter Check
- Foreign Key Dependency Check
- View Check
- Warning Item Check
- RDS Check
- DLL Ring Sync Check for Single Database/Table Object
- DLL Sync Conflict Check for Single Database/Table Object in the Same Target
- Parameter Configuration Conflict Check
- Incremental Migration Precondition Check
- Extension/Plugin Compatibility Check
- Account Conflict Check
- Oplog Check
- Source Database Balancer Check
- Source Database Node Role Check
- ShardKey Check
- Target Database Load Check
- Local Disk Space Check
- Source Database Existence Check
- Target Database Existence Check
- Migration Network Check
- Cutover Description
- Connection to Cloud Monitor
- Best Practices
- API Documentation
- SDK Documentation
- FAQs
User Permission Migration in MySQL Data Migration
Last updated: 2021-12-27 11:46:58
Overview
NewDTS focuses more on the data content itself during MySQL data migration. It migrates basic tables and views only but not user permission information. This document describes how to migrate user permissions.
In this document, pt-show-grants is used to export user permissions from the source database and import them to the target database.
Preparations
- Install pt-show-grants and learn its basic operations. This document uses pt-show-grants 3.2.0 as an example.
- Authorize the migration account in the source database. The following uses the
dtsuser as an example:CREATE USER 'dts'@'%' IDENTIFIED BY 'migration password'; GRANT SELECT ON `mysql`.* TO 'dts'@'%'; - Authorize the migration account in the target database. The following uses the
dtsuser as an example:CREATE USER 'dts'@'%' IDENTIFIED BY 'migration password'; GRANT SELECT,CREATE USER,LOCK TABLES,SHOW VIEW,TRIGGER,ALTER,ALTER ROUTINE,CREATE,CREATE ROUTINE,CREATE TABLESPACE,CREATE TEMPORARY TABLES,CREATE VIEW,DELETE,DROP,EVENT,EXECUTE, INDEX,INSERT,PROCESS,REFERENCES,RELOAD,UPDATE,SHOW DATABASES on *.* to 'dts'@'%'; FLUSH PRIVILEGES; - During migration, we recommend you not write sessions other than the migration session into the target database. If you need to access the target database, we recommend you create an account with read-only permissions. This helps avoid the risks of double write which may cause data conflicts and task failures. The following uses the
read_onlyuser as an example:CREATE USER 'read_only'@'%' IDENTIFIED BY 'migration password'; GRANT SELECT, SHOW DATABASES, SHOW VIEW on *.* to 'read_only'@'%'; FLUSH PRIVILEGES;
Notes
- If the target database is TencentDB for MySQL, only the following general permissions can be imported, while high-level permissions cannot. This restriction is mainly used to avoid the business risks caused by maloperations of high-privileged users.
SELECT, CREATE USER, LOCK TABLES, SHOW VIEW, TRIGGER, ALTER, ALTER ROUTINE, CREATE,CREATE ROUTINE, CREATE TABLESPACE, CREATE TEMPORARY TABLES, CREATE VIEW,DELETE,DROP,EVENT,EXECUTE, INDEX, INSERT, PROCESS, REFERENCES, RELOAD, UPDATE, SHOW DATABASES, REPLICATION CLIENT, and REPLICATION SLAVE. - The SQL statements generated by pt-show-grants for the source database vary by source MySQL version. Statements generated on versions below 5.7.6 cannot be imported to target databases on 5.7.6 or above.
Directions
- Run the following command in the source database to export the user account information.
You can specify--ignoreto filter out high-privileged accounts that cannot be imported by MySQL.pt-show-grants --user=root --host=<src host or ip> --port=<src port> --user=<user> --password=<password> --ignore 'mysql.sys'@'localhost','mysql.session'@'localhost','mysql.infoschema'@'localhost','root','root'@'localhost' > account.sql - Import the user account information into the target database.
mysql -u<user> -p<password> -h<dst ip or host> -P<dst port> -e "source account.sql"-- Grants dumped by pt-show-grants -- Dumped from server xxxx via TCP/IP, MySQL 8.0.22-txsql at 2021-09-01 11:28:21 -- Grants for 'dts'@'%' CREATE USER IF NOT EXISTS 'dts'@'%'; ALTER USER 'dts'@'%' IDENTIFIED WITH 'mysql_native_password' AS '*F2XFE7135318FD1F12CDF7B027506096F223DDD46' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK PASSWORD HISTORY DEFAULT PASSWORD REUSE INTERVAL DEFAULT PASSWORD REQUIRE CURRENT DEFAULT; GRANT LOCK TABLES, PROCESS, RELOAD, REPLICATION CLIENT, REPLICATION SLAVE, SELECT, SHOW DATABASES, SHOW VIEW ON *.* TO `dts`@`%`; GRANT SELECT ON `mysql`.* TO `dts`@`%`;-- Grants dumped by pt-show-grants -- Dumped from server xxxx via TCP/IP, MySQL 5.6.16-log at 2021-09-01 11:33:53 -- Grants for 'dts'@'%' GRANT LOCK TABLES, PROCESS, RELOAD, REPLICATION CLIENT, REPLICATION SLAVE, SELECT, SHOW VIEW ON *.* TO 'dts'@'%' IDENTIFIED BY PASSWORD '*47D7DB84D97A8D7EFD5B3CFA20A7A2433A9E86A4'; GRANT ALL PRIVILEGES ON `__tencentdb__`.* TO 'dts'@'%'; GRANT SELECT ON `mysql`.* TO 'dts'@'%';
Yes
No
Was this page helpful?