Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.
Original topic: DM数据迁移报错权限不足
[TiDB Usage Environment] Production Environment
[TiDB Version] v6.1.1
[Encountered Issue: Problem Phenomenon and Impact]
An error occurs during the DM task execution load phase, indicating a lack of permissions. According to my understanding and rule setting, the load phase should use the TiDB account and permissions. However, the error shows that the TiDB account does not have permissions for the Mysql database. I am unsure whether this is a bug or a configuration issue.
[Attachments: Screenshots/Logs/Monitoring]
[Data Source Configuration (Upstream MySQL Account: ymjxc)]
[DM Task Configuration (TiDB Account: jm; routes rule: migrate the td_jxc_stmtzx_* tables from the upstream jmJxc database to the td_jxc_stmtzx table in the downstream TiDB jhmymysql database)]
[DM Task Error]
Check the permissions of the configured account. DM only supports mysql → tidb…
For tidb → tidb, you need to use another solution.
Are the account permissions correct?
Importing MySQL into TiDB
I tried to grant the jm account all privileges on the jmJxc database in TiDB, and indeed the error disappeared. However, this deviates from the initial design of the routing. The routing rule is to migrate data from the jmJxc database in MySQL to the jhmymysql database in TiDB.
Where did you see that the load phase should use TiDB’s account and permissions? The task should perform a permissions check when it starts.
Insufficient user permissions. Using a higher-privileged user to handle such one-time tasks will help you avoid many issues.
First of all, my task is to migrate from upstream MySQL to downstream TiDB, including both full and incremental migration. The details are as follows: first, dump from the upstream MySQL, where the (ymjxc) account is provided with all privileges for all databases, allowing the tool to have permission to perform the dump work on the upstream MySQL. Then, load into TiDB, where I provided the (jm) account with all privileges for the jhmymysql database. According to the task status, this task reported an error during the load phase, so I determined that there was a permission issue with TiDB. However, I can’t figure out why TiDB needs the permission to create the jmJxc database from the upstream MySQL when my routing rule clearly directs to the jhmymysql database in the downstream TiDB.
In subsequent attempts, I granted the TiDB (jm) account all privileges on all databases, and the task started running. In practice, I created an empty jmJxc database in TiDB, but the data was loaded into the jhmymysql database, achieving my design intention. However, I still don’t understand why an empty jmJxc database was created.
I remember that the sharded table set will have an empty database.
Yes, I don’t know what the purpose of this empty database is.
What are the permissions for that downstream TIDB user? Is it an all-privileges user? If not, you should first grant this user the necessary permissions, and then revoke them after the import is complete.