Enabling sync permissions


This is a permanent change. Once sync_permissions is enabled, you cannot turn it off and you can no longer create any local non-root users, groups, or roles. When sync_permissions is enabled, as the number of users increases, the operations of changing role permissions, roles of a group, user pools, and roles of a user pool tend to consume more time. Therefore, enabling sync_permissions is not recommended if there are more than 100 users (not necessarily concurrent users) on the system.

  1. Connect to the master aggregator as root and drop all non-root users, if present. Any groups or roles you have created will be removed after you enable sync_permissions.

  2. Set the sync_permissions variable. Because this is a sync variable, once you set this value, it will be set on all child aggregators in your cluster.

    SET GLOBAL sync_permissions = ON;
  3. Recreate users, roles, groups, and grants as needed on the master aggregator.