HOWTO distribute user privileges in a MySQL Cluster. This text is a short description how to distribute MySQL privilege tables to all connected MySQL servers belonging to a MySQL Cluster. This enables adding and removing users to the system as well as defining grants for various privileges in a more or less transparent manner. Flushing of grants might be needed to make changes visible on already opened connections. The procedure is based on moving the privilege tables from local storage (MyISAM) to distributed storage (ndbcluster). To simplify the procedure a number of store procedures have been defined to more or less automate the procedure. The procedures can be created by running the script ndb_dist_priv.sql (which you find in storage/ndb/tools/ or share/mysql/ depending on your distribution of the mysql files) through "mysql" Example: "mysql --user root < storage/ndb/tool/ndb_dist_priv.sql" IMPORTANT: Prior to performing the actual distribution it is recommended to backup the current privilege tables, using for example mysqldump: "mysqldump --user root mysql user db tables_priv columns_priv procs_priv" The actual procedure can be initiated by running the stored procedure mysql_cluster_move_privilege_tables once on any connected MySQL server: "call mysql.mysql_cluster_move_privileges();" NOTE: This procedure will create two sets of backups of the privilege tables as well, one local and one distributed. These are used to revert the tables if anything goes wrong during the distribution process. To verify that the procedure was successful one can do the following query: "select mysql.mysql_cluster_privileges_are_distributed();" which should return 1 if procedure was successful. NOTE: If a MySQL server is disconnected from the cluster while the privilege tables are being moved the local privilege tables will need to be dropped and refreshed when the MySQL server has reconnected: use mysql; select mysql_cluster_privileges_are_distributed(); 0 drop table if exists user db tables_priv columns_priv procs_priv; show tables; select mysql_cluster_privileges_are_distributed(); 1 In case cluster being restarted with resetting of all tables (--inital) the privilege tables will be lost after the they have been moved. If no MySQL server is available to revert the tables (either from the local backup tables or from a mysqldump file). If a new MYSQL server needs to be connected to the cluster to perform restoring the privilege tables it will need to be started with the flag --skip-grant-tables. After the local tables have been restored they can be distributed again by again calling: "call mysql.mysql_cluster_move_privileges();" After that the MySQL server should be restarted without the --skip-grant-tables flag. Once privilige tables have been stored in ndb they will be part of ndb backups. However, if one want to restore these tables from a backup one has to give an new option flag --restore-privilege-tables to ndb_restore. Known limitations: All changes to privilege tables are automatically distributed when the privilege tables have been moved to ndb. However, since privilege data is cached per connection, a remote change will not be vissible until one do a: "flush privileges;" If for some reason want to revert distribution of privilege tables back to local tables this has to be done on each mysqld by running: "call mysql.mysql_cluster_restore_local_privileges();"