When TiSpark authentication is enabled, it reports "Failed to get PD addresses from TiDB, please make sure the user has `PROCESS` privilege on `INFORMATION_SCHEMA`.`CLUSTER_INFO`"

translator_bot · June 21, 2024, 11:58am

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: TiSpark开启鉴权时，报Failed to get pd addresses from TiDB, please make sure user has PROCESS privilege on INFORMATION_SCHEMA.CLUSTER_INFO

| username: Zealot

TiDB version: 7.1.2
TiSpark version: [tispark-assembly-3.3_2.12-3.2.2.jar]

Same issue as this: tispark开启了tidb鉴权，使用spark-shell查询tidb数据时提示java.lang.IllegalArgumentException: Failed to get pd addresses from TiDB, please make sure user has `PROCESS` privilege on `INFORMATION_SCHEMA`.`CLUSTER_INFO` - TiDB 的问答社区

What I want to ask is, if the issue is due to lack of permissions on the INFORMATION_SCHEMA.CLUSTER_INFO table, how can I grant the necessary permissions? I found that except for the root user, other users do not have permissions. I tried using grant select on INFORMATION_SCHEMA.CLUSTER_INFO to 'user', but it didn’t work. Querying this table still results in 1227 - Access denied; you need (at least one of) the PROCESS privilege(s) for this operation.

I checked the documentation,
Prerequisites

The database’s user account must have the PROCESS privilege.

So it is a problem of lacking the PROCESS privilege. However, when I tried to set the privilege, it reported 1221 - Incorrect usage of DB GRANT and GLOBAL PRIVILEGES. So how should I set the PROCESS privilege?

translator_bot · June 21, 2024, 11:58am

| username: Jellybean | Original post link

Did you perform the flush privileges; operation after granting permissions?

translator_bot · June 21, 2024, 11:58am

| username: dba远航 | Original post link

When granting permissions, you must first have the process privilege, and then grant other permissions. This is a characteristic of system views.

translator_bot · June 21, 2024, 11:58am

| username: ShawnYan | Original post link

What user was used for authorization, what are the current user’s permissions, and what is the authorization statement?

translator_bot · June 21, 2024, 11:58am

| username: Jolyne | Original post link

show grants for the current user to check the current user’s permissions

translator_bot · June 21, 2024, 11:58am

| username: Fly-bird | Original post link

We generally use grant all privileges.

translator_bot · June 21, 2024, 11:58am

| username: Zealot | Original post link

I have already solved this problem. The PROCESS privilege can only be global, so you can only use grant process on *.* to 'test'@'%';. You can only write . here, otherwise, it will report 1227 - Access denied; you need (at least one of) the PROCESS privilege(s) for this operation.

translator_bot · June 21, 2024, 11:58am

| username: ShawnYan | Original post link

That’s right, it’s the same as MySQL, and there’s no risk, so you can grant it with confidence.

translator_bot · June 21, 2024, 11:58am

| username: system | Original post link

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.