Why is the `RELOAD` Privilege Required for MySQL CDC with Debezium?

I'm trying to connect AWS RDS with RisingWave using mysql-cdc, and I've noticed that the user needs RELOAD privileges. I'm concerned about what exactly this privilege allows the user to do, especially in terms of modifying or deleting information like cache or binlogs. I want to ensure that granting this privilege won't cause any issues on a Production RDS environment.


Sumit Singh

Asked on Dec 21, 2023

The RELOAD privilege is required by the Debezium connector for MySQL CDC to acquire a global read lock during the initial snapshot of the captured table. This is necessary to ensure a consistent snapshot by preventing concurrent writes. The RELOAD privilege is related to modifying the configuration of the MySQL instance but does not allow deletion of binlogs or cache. Using debezium.snapshot.mode='schema_only' still requires a snapshot of the schema, and if RELOAD is not granted, it will fallback to requiring LOCK TABLES privilege, which can affect the upstream workload and is not recommended. The global read lock with RELOAD is held for a shorter time than with LOCK TABLES. If AWS RDS prevents acquiring a global read lock, you may need to grant LOCK TABLES for the specific tables you want to ingest and recreate the CDC table.

Dec 21, 2023Edited by