<aid="modifyclustersetting"></a>`MODIFYCLUSTERSETTING` | System | Grants the ability to modify [cluster settings]({% link {{ page.version.version }}/cluster-settings.md %}).
20
20
`MODIFYSQLCLUSTERSETTING` | System | Grants the ability to modify SQL [cluster settings]({% link {{ page.version.version }}/cluster-settings.md %}) (cluster settings prefixed with `sql.`).
21
21
`NOSQLLOGIN` | System | Prevents roles from connecting to the SQL interface of a cluster.
22
-
`REPLICATION` | System | Grants the ability to create a [logical data replication]({% link {{ page.version.version }}/logical-data-replication-overview.md %}) or [physical cluster replication]({% link {{ page.version.version }}/physical-cluster-replication-overview.md %}) stream.
22
+
**Deprecated**`REPLICATION` | System | As of v25.2 `REPLICATION` is **deprecated**. Instead, use the `REPLICATIONSOURCE` and `REPLICATIONDEST` privileges at the table level. Grants the ability to create a [logical data replication]({% link {{ page.version.version }}/logical-data-replication-overview.md %}) or [physical cluster replication]({% link {{ page.version.version }}/physical-cluster-replication-overview.md %}) stream.
23
+
<aid="replicationdest"></a><spanclass="version-tag">New in v25.2:</span>`REPLICATIONDEST` | Table | Grants the ability to run logical data replication into an existing table on the destination cluster. For more details, refer to the [Set Up Logical Data Replication]({% link {{ page.version.version }}/set-up-logical-data-replication.md %}) tutorial.
24
+
<aid="replicationsource"></a><spanclass="version-tag">New in v25.2:</span> `REPLICATIONSOURCE` | Table | Grants the ability to run logical data replication from a table on the source cluster. For more details, refer to the [Set Up Logical Data Replication]({% link {{ page.version.version }}/set-up-logical-data-replication.md %}) tutorial.
23
25
`RESTORE` | System, Database | Grants the ability to restore [backups]({% link {{ page.version.version }}/backup-and-restore-overview.md %}) at the system or database level. Refer to `RESTORE`[Required privileges]({% link {{ page.version.version }}/restore.md %}#required-privileges) for more details.
24
26
`SELECT` | Table, Sequence | Grants the ability to run [selection queries]({% link {{ page.version.version }}/query-data.md %}) at the table or sequence level.
25
27
`UPDATE` | Table, Sequence | Grants the ability to run [update statements]({% link {{ page.version.version }}/update-data.md %}) at the table or sequence level.
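Review bot: The deprecated `REPLICATION` row points readers to `REPLICATIONSOURCE` and `REPLICATIONDEST`, but its description still covers physical cluster replication, while the two new rows mention only logical data replication. State in the deprecated row which privilege a role that creates physical cluster replication streams should hold, or say that the replacement applies to LDR only, so that nobody keeps the broad system privilege because the table-level path looks incomplete.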
src/current/v25.2/create-logical-replication-stream.md
+17 -5 (17 additions & 5 deletions)
@@ -20,18 +20,30 @@ If the table you're replicating does not contain [user-defined types]({% link {{
20
20
21
21
## Required privileges
22
22
23
-
`CREATE LOGICAL REPLICATION STREAM`requires one of the following privileges:
23
+
`CREATE LOGICAL REPLICATION STREAM`creates a one-way LDR stream only. To achieve bidirectional replication, you must manually create two separate streams, one in each direction, with the required privileges set on both clusters.
24
24
25
-
- The [`admin` role]({% link {{ page.version.version }}/security-reference/authorization.md %}#admin-role).
26
-
- The [`REPLICATION` system privilege]({% link {{ page.version.version }}/security-reference/authorization.md %}#privileges).
25
+
LDR from cluster A to B represents a one-way stream from a source to a destination cluster. LDR from cluster B to A is the reverse stream for a bidirectional setup.
27
26
28
-
Use the [`GRANT SYSTEM`]({% link {{ page.version.version }}/grant.md %}) statement:
27
+
{% include_cached new-in.html version="v25.2" %} To run the `CREATE LOGICAL REPLICATION STREAM` statement to create an LDR stream, the following privileges are required:
28
+
29
+
LDR direction | Cluster | User role | Required privilege
A ➔ B | A | User in the LDR connection string. | `REPLICATIONSOURCE`
32
+
A ➔ B | B | User running the command. | `REPLICATIONDEST`
33
+
B ➔ A | B | User in the LDR connection string. | `REPLICATIONSOURCE`
34
+
B ➔ A | A | User running the command. | `REPLICATIONDEST`
35
+
36
+
Grant the privilege at the table or [system level]({% link {{ page.version.version }}/grant.md %}#grant-system-level-privileges-on-the-entire-cluster) with the [`GRANT`]({% link {{ page.version.version }}/grant.md %}) statement to a [user or a role]({% link {{ page.version.version }}/security-reference/authorization.md %}#users-and-roles):
29
37
30
38
{% include_cached copy-clipboard.html %}
31
39
~~~sql
32
-
GRANTSYSTEM REPLICATION TO user;
40
+
GRANTREPLICATIONSOURCE ON TABLE database.public.tablename TO user/role;
33
41
~~~
34
42
43
+
{{site.data.alerts.callout_info}}
44
+
As of v25.2, the [`REPLICATION` system privilege]({% link {{ page.version.version }}/security-reference/authorization.md %}#privileges) is **deprecated** and will be removed in a future release. Use `REPLICATIONSOURCE` and `REPLICATIONDEST` for authorization at the table level.
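Review bot: The sentence before the final `~~~sql` block says the privilege can be granted "at the table or system level", but the example shows only a table-level `GRANT REPLICATIONSOURCE`, and the privileges table changed in this commit lists `REPLICATIONSOURCE` and `REPLICATIONDEST` with scope Table only. Either document the system-level form and update the scope column, or drop "or system level" here. The example also omits `REPLICATIONDEST`, which the A/B table above requires for the user running the command, and `TO user/role` will be copied verbatim by the copy-clipboard include; two statements using a `{your_username}`-style placeholder would match the tutorial. The rewritten section no longer mentions the `admin` role; if it still suffices, keep that line.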
src/current/v25.2/create-logically-replicated.md
+31 -5 (31 additions & 5 deletions)
@@ -22,18 +22,44 @@ This page is a reference for the `CREATE LOGICALLY REPLICATED` SQL statement, wh
22
22
23
23
## Required privileges
24
24
25
-
`CREATE LOGICALLY REPLICATED` requires one of the following privileges:
25
+
{% include_cached new-in.html version="v25.2" %} Users need the following privileges to create an LDR stream with `CREATE LOGICALLY REPLICATED`:
26
26
27
-
- The [`admin` role]({% link {{ page.version.version }}/security-reference/authorization.md %}#admin-role).
28
-
- The [`REPLICATION` system privilege]({% link {{ page.version.version }}/security-reference/authorization.md %}#privileges).
27
+
-**Source connection string user:** Needs the `REPLICATIONSOURCE` privilege on the source table(s). This is the user specified in the [source connection string]({% link {{ page.version.version }}/set-up-logical-data-replication.md %}#step-2-connect-from-the-destination-to-the-source) in unidirectional or bidirectional streams.
28
+
-**User starting the LDR stream on the destination:** Must have `CREATE` on the destination database **and** be the same user that is specified in the destination connection string for a bidirectional stream. The destination table will be created and the user given the `REPLICATIONDEST` privilege on the new table automatically.
29
+
-**For reverse (bidirectional) setup:** The original source user must have `REPLICATIONDEST` on the tables in the original source cluster.
29
30
30
-
Use the [`GRANT SYSTEM`]({% link {{ page.version.version }}/grant.md %}) statement:
31
+
LDR from cluster A to B represents a _unidirectional_ setup from a source to a destination cluster. LDR from cluster B to A is the reverse stream for a _bidirectional_ setup:
32
+
33
+
Replication direction | Cluster | User role | Required privileges
A ➔ B | A | User in source connection string. | `REPLICATIONSOURCE` on A's tables.
36
+
A ➔ B | B | User running `CREATE LOGICALLY REPLICATED` from the destination cluster. The destination table will be created and the user given the `REPLICATIONDEST` privilege on the new table automatically.<br>**Note:** Must match the user in the destination connection string for bidirectional LDR. | `CREATE` on B's parent database.
37
+
Reverse replication requirement | A | Original source connection string user. | `REPLICATIONDEST` on A's tables.
38
+
39
+
For example, the user `maxroach` will run the following statement to start LDR on the destination cluster:
40
+
41
+
{% include_cached copy-clipboard.html %}
42
+
~~~sql
43
+
CREATE LOGICALLY REPLICATED TABLE B.tableFROM TABLE A.tableON'A_connection_string/user=samroach' WITH BIDIRECTIONAL ON'B_connection_string/user=maxroach;
44
+
~~~
45
+
46
+
To start LDR successfully with this statement:
47
+
48
+
- `maxroach` requires `CREATE` on database B, implicitly gets `REPLICATIONDEST` and `REPLICATIONSOURCE` on `B.table`.
49
+
- `samroach` requires `REPLICATIONSOURCE` and `REPLICATIONDEST` on `A.table`.
50
+
- `maxroach` must be the user in the `BIDIRECTIONAL ON` connection string.
51
+
52
+
Grant the privilege at the table or [system level]({% link {{ page.version.version }}/grant.md %}#grant-system-level-privileges-on-the-entire-cluster) with the [`GRANT`]({% link {{ page.version.version }}/grant.md %}) statement to a [user or a role]({% link {{ page.version.version }}/security-reference/authorization.md %}#users-and-roles):
31
53
32
54
{% include_cached copy-clipboard.html %}
33
55
~~~ sql
34
-
GRANTSYSTEM REPLICATION TO user;
56
+
GRANT REPLICATIONSOURCE ON TABLE database.public.tablename TO user/role;
35
57
~~~
36
58
59
+
{{site.data.alerts.callout_info}}
60
+
As of v25.2, the [`REPLICATION` system privilege]({% link {{ page.version.version }}/security-reference/authorization.md %}#privileges) is **deprecated** and will be removed in a future release. Use `REPLICATIONSOURCE` and `REPLICATIONDEST` for authorization at the table level.
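Review bot: The `maxroach` bullet after the example says the user "implicitly gets `REPLICATIONDEST` and `REPLICATIONSOURCE` on `B.table`", while the first bullet list and the table row for cluster B both say only `REPLICATIONDEST` is given automatically. Make the three places agree, since readers will use this section to decide which grants to issue by hand. The example statement also has an unterminated string: the `BIDIRECTIONAL ON` connection string opens with `'` and runs straight into `;`, so it fails when copied.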
src/current/v25.2/set-up-logical-data-replication.md
+49 -22 (49 additions & 22 deletions)
@@ -15,14 +15,24 @@ In this tutorial, you will set up [**logical data replication (LDR)**]({% link {
15
15
-_Unidirectional_ LDR from a source table to a destination table (cluster A to cluster B) in one LDR job.
16
16
-_Bidirectional_ LDR for the same table from cluster A to cluster B and from cluster B to cluster A. In a bidirectional setup, each cluster operates as both a source and a destination in separate LDR jobs.
17
17
18
-
Create the new table on the destination cluster automatically and conduct a fast, offline initial scan with the [`CREATE LOGICALLY REPLICATED`]({% link {{ page.version.version }}/create-logically-replicated.md %}) syntax. `CREATE LOGICALLY REPLICATED` accepts `unidirectional` or `bidirectional on` as an option in order to create one of the setups automatically. [Step 3](#step-3-start-ldr) outlines when to use the `CREATE LOGICALLY REPLICATED` or the `CREATE LOGICAL REPLICATION STREAM` syntax to start LDR.
19
-
20
-
In the following diagram, **LDR stream 1** creates a unidirectional LDR setup, introducing **LDR stream 2** extends the setup to bidirectional.
18
+
In the following diagram, **LDR stream 1** creates a unidirectional LDR setup. Introducing **LDR stream 2** extends the setup to bidirectional.
21
19
22
20
<imagesrc="{{ 'images/v25.2/bidirectional-stream.svg' | relative_url }}"alt="Diagram showing bidirectional LDR from cluster A to B and back again from cluster B to A."style="width:70%" />
23
21
24
22
For more details on use cases, refer to the [Logical Data Replication Overview]({% link {{ page.version.version }}/logical-data-replication-overview.md %}).
25
23
24
+
## Syntax
25
+
26
+
LDR streams can be started using one of the following SQL statements, depending on your requirements:
27
+
28
+
-[`CREATE LOGICALLY REPLICATED`]({% link {{ page.version.version }}/create-logically-replicated.md %}): Creates the new table on the destination cluster automatically, and conducts a fast, offline initial scan. `CREATE LOGICALLY REPLICATED` accepts `unidirectional` or `bidirectional on` as an option in order to create either one of the setups automatically. **The table cannot contain [user-defined types]({% link {{ page.version.version }}/enum.md %}) or [foreign key]({% link {{ page.version.version }}/foreign-key.md %}) dependencies.** Follow [these steps](#create-logically-replicated) for setup instructions.
29
+
-[`CREATE LOGICAL REPLICATION STREAM`]({% link {{ page.version.version }}/create-logical-replication-stream.md %}): Starts the LDR stream after you've created the matching table on the destination cluster. **If the table contains user-defined types or foreign key dependencies, you must use this syntax.** Allows for manual creation of unidirectional or bidirectional LDR. Follow [these steps](#create-logical-replication-stream) for setup instructions.
30
+
31
+
Also, for both SQL statements, note:
32
+
33
+
- It is necessary to use the [fully qualified]({% link {{ page.version.version }}/sql-name-resolution.md %}) table name for the source table and destination table in the statement.
34
+
- {% include {{ page.version.version }}/ldr/multiple-tables.md %}
35
+
26
36
## Tutorial overview
27
37
28
38
If you're setting up bidirectional LDR, both clusters will act as a source and a destination in the respective LDR jobs. The high-level steps for setting up bidirectional or unidirectional LDR:
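Review bot: In the `CREATE LOGICALLY REPLICATED` bullet of the new Syntax section, the options are written in lowercase as `unidirectional` or `bidirectional on`, while the example added to create-logically-replicated.md in this commit writes `WITH BIDIRECTIONAL ON`. Use the uppercase keyword form here as well so readers can match it to the statement. The bullet also repeats the user-defined type and foreign key restriction that the schema restrictions list later on this page states, so the two can drift; linking to that list would leave one place to maintain.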
@@ -53,7 +63,7 @@ You cannot use LDR on a table with a schema that contains:
53
63
- Indexes with a [virtual computed column]({% link {{ page.version.version }}/computed-columns.md %})
54
64
- Composite types in the [primary key]({% link {{ page.version.version }}/primary-key.md %})
55
65
56
-
Additionally, for the `CREATE LOGICALLY REPLCATED` syntax, you cannot use LDR on a table with a schema that contains:
66
+
Additionally, for the `CREATE LOGICALLY REPLICATED` syntax, you cannot use LDR on a table with a schema that contains:
57
67
58
68
-[User-defined types]({% link {{ page.version.version }}/enum.md %})
59
69
-[Foreign key]({% link {{ page.version.version }}/foreign-key.md %}) dependencies
@@ -84,19 +94,43 @@ If you are setting up bidirectional LDR, you **must** run this step on both clus
84
94
SET CLUSTER SETTING kv.rangefeed.enabled = true;
85
95
~~~
86
96
87
-
1. On the **destination**, create a user with the [`REPLICATION` system privilege]({% link {{ page.version.version }}/security-reference/authorization.md %}#supported-privileges) who will start the LDR job:
97
+
1. On the **destination**, create a user who will start the LDR job:
88
98
89
99
{% include_cached copy-clipboard.html %}
90
-
~~~sql
91
-
CREATE USER {your username} WITH PASSWORD '{your password}';
100
+
~~~sql
101
+
CREATE USER {your_username} WITH PASSWORD '{your_password}';
92
102
~~~
93
103
104
+
1. Choose the appropriate privilege based on the SQL statement the user on the destination cluster will run. (For details on which syntax to use, refer to the [Syntax](#syntax) section at the beginning of this tutorial):
105
+
- [`CREATE LOGICAL REPLICATION STREAM`]({% link {{ page.version.version }}/create-logical-replication-stream.md %}) (replicating into an **existing table**). Grant the [`REPLICATIONDEST` privilege]({% link {{ page.version.version }}/security-reference/authorization.md %}#replicationdest) on the **destination table**, which allows the user to stream data into the existing table:
106
+
107
+
{% include_cached copy-clipboard.html %}
108
+
~~~sql
109
+
GRANT REPLICATIONDEST ON TABLE {your_db}.{your_schema}.{your_table} TO {your_username};
110
+
~~~
111
+
- [`CREATE LOGICALLY REPLICATED`]({% link {{ page.version.version }}/create-logically-replicated.md %}) (creating a **new table** as part of the replication). Grant the [`CREATE` privilege]({% link {{ page.version.version }}/create-database.md %}#required-privileges) on the **parent database**, which allows the user to create a new table in the specified database, and the user will automatically have `REPLICATIONDEST` on the table they create:
112
+
113
+
{% include_cached copy-clipboard.html %}
114
+
~~~sql
115
+
GRANT CREATE ON DATABASE {your_db} TO {your_username};
116
+
~~~
117
+
118
+
1. On the **source**, grant the user who will be [specified in the connection string to the source cluster](#step-2-connect-from-the-destination-to-the-source) the [`REPLICATIONSOURCE` privilege]({% link {{ page.version.version }}/security-reference/authorization.md %}#replicationsource):
119
+
94
120
{% include_cached copy-clipboard.html %}
95
-
~~~sql
96
-
GRANT SYSTEM REPLICATION TO {your username};
121
+
~~~sql
122
+
GRANT REPLICATIONSOURCE ON TABLE {your_db}.{your_schema}.{your_table} TO {your_username};
97
123
~~~
98
124
99
-
To change the password later, refer to [`ALTER USER`]({% link {{ page.version.version }}/alter-user.md %}).
125
+
1. (Optional) If you are setting up **bidirectional** LDR, each cluster must authorize both stream directions using the table-level privileges depending on the syntax you're using:
126
+
- [`CREATE LOGICAL REPLICATION STREAM`]({% link {{ page.version.version }}/create-logical-replication-stream.md %}) (setting up a reverse stream manually). Grant `REPLICATIONDEST` and `REPLICATIONSOURCE` to the users in the reverse direction.
127
+
- [`CREATE LOGICALLY REPLICATED`]({% link {{ page.version.version }}/create-logically-replicated.md %}) (setting up a bidirectional stream automatically). Grant the original source user `REPLICATIONDEST` on the tables.
128
+
129
+
{{site.data.alerts.callout_info}}
130
+
As of v25.2, the `REPLICATION` system privilege has been **deprecated** and replaced with the granular, table-level privileges: `REPLICATIONSOURCE` and `REPLICATIONDEST`.
131
+
{{site.data.alerts.end}}
132
+
133
+
To change the password later, refer to [`ALTER USER`]({% link {{ page.version.version }}/alter-user.md %}).
100
134
101
135
## Step 2. Connect from the destination to the source
102
136
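Review bot: The bidirectional step is labelled "(Optional)" but then says each cluster "must" authorize both stream directions, and unlike the three steps before it, it gives no `GRANT` statement. Drop "(Optional)" and rely on the "If you are setting up bidirectional LDR" condition, then add the statements for each case, naming the cluster and the user as the A/B tables on the reference pages do. "To change the password later" now follows the deprecation callout instead of the `CREATE USER` step it refers to; moving it back under that step keeps it findable.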
@@ -157,17 +191,10 @@ In this step, you'll start the LDR stream(s) from the destination cluster. You c
157
191
- `immediate` (default): {% include {{ page.version.version }}/ldr/immediate-description.md %}
158
192
- `validated`: {% include {{ page.version.version }}/ldr/validated-description.md %}
159
193
160
-
### Syntax
161
-
162
-
LDR streams can be started using one of the following SQL statements, depending on your requirements:
163
-
164
-
- [`CREATE LOGICALLY REPLICATED`]({% link {{ page.version.version }}/create-logically-replicated.md %}): Creates the new table on the destination cluster automatically, and conducts a fast, offline initial scan. `CREATE LOGICALLY REPLICATED` accepts `unidirectional` or `bidirectional on` as an option in order to create either one of the setups automatically. **The table cannot contain a [user-defined types]({% link {{ page.version.version }}/enum.md %}) or [foreign key]({% link {{ page.version.version }}/foreign-key.md %}) dependencies.** Follow [these steps](#create-logically-replicated) for setup instructions.
165
-
- [`CREATE LOGICAL REPLICATION STREAM`]({% link {{ page.version.version }}/create-logical-replication-stream.md %}): Starts the LDR stream after you've created the matching table on the destination cluster. **If the table contains user-defined types or foreign key dependencies, you must use this syntax.** Allows for manual creation of unidirectional or bidirectional LDR. Follow [these steps](#create-logical-replication-stream) for setup instructions.
194
+
LDR streams can be started using one of the following sections for instructions on creating an LDR stream. For details on which syntax to use, refer to the [Syntax](#syntax) section at the beginning of this tutorial:
166
195
167
-
Also, for both SQL statements, note:
168
-
169
-
- It is necessary to use the [fully qualified]({% link {{ page.version.version }}/sql-name-resolution.md %}) table name for the source table and destination table in the statement.
170
-
- {% include {{ page.version.version }}/ldr/multiple-tables.md %}
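Review bot: The replacement sentence fuses two phrasings and does not parse: "LDR streams can be started using one of the following sections for instructions on creating an LDR stream." Suggest "Use one of the following sections to create an LDR stream." followed by the existing pointer to the Syntax section.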
@@ -182,7 +209,7 @@ Use `CREATE LOGICALLY REPLICATED` to create either a unidirectional or bidirecti
182
209
183
210
- Bidirectional LDR: This statement will first create the LDR jobs for the first stream. You must run it from the **destination** cluster that does not contain the table. Once the offline initial scan completes, the reverse stream will be initialized so that the original destination cluster can send changes to the original source.
184
211
185
-
Run the following from the **destination** cluster (i.e, the cluster that does not have the table currently):
212
+
Run the following from the **destination** cluster (i.e., the cluster that currently does not have the table):
186
213
187
214
{% include_cached copy-clipboard.html %}
188
215
~~~ sql
@@ -237,7 +264,7 @@ If you're setting up bidirectional LDR, both clusters will have a history retent
237
264
238
265
### DB Console
239
266
240
-
You'll access the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}) and monitor the status and metrics for the created LDR jobs. Depending on which cluster you would like to view, follow the instructions for either the source or destination.
267
+
You can access the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}) and monitor the status and metrics for the created LDR jobs. Depending on which cluster you would like to view, follow the instructions for either the source or destination.
241
268
242
269
{{site.data.alerts.callout_success}}
243
270
You can use the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}), the SQL shell, [Metrics Export]({% link {{ page.version.version }}/datadog.md %}#enable-metrics-collection) with Prometheus and Datadog, and [labels with some LDR metrics]({% link {{ page.version.version }}/multi-dimensional-metrics.md %}) to monitor the job.