From 15325d62990cd2d53b5145ac01c0125776934bc5 Mon Sep 17 00:00:00 2001 From: Morgan Tocker Date: Tue, 18 May 2021 19:11:49 -0600 Subject: [PATCH 1/2] Add documentation for SEM --- system-variables.md | 11 +++++++++++ tidb-configuration-file.md | 6 ++++++ 2 files changed, 17 insertions(+) diff --git a/system-variables.md b/system-variables.md index 21251da0d0ff1..55f7d353fde0e 100644 --- a/system-variables.md +++ b/system-variables.md @@ -427,6 +427,17 @@ Constraint checking is always performed in place for pessimistic transactions (d - Default value: ON - This variable controls whether to record the execution information of each operator in the slow query log. +### tidb_enable_enhanced_security + +- Scope: NONE +- Default value: OFF +- This variable indicates if the TiDB server you are connected to was started with Security Enhanced Mode (SEM) enabled. +- SEM is inspired by the design of systems such as [Security-Enhanced Linux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux). It reduces the capabilities of users with the MySQL `SUPER` privilege, and instead requires `RESTRICTED` fine grained privileges to be granted as a replacement. These include: + - `RESTRICTED_TABLES_ADMIN`: The ability to write to system tables in the `mysql` schema, and see sensitive columns on `information_schema` tables. + - `RESTRICTED_STATUS_ADMIN`: The ability to see sensitive variables in the command `SHOW STATUS`. + - `RESTRICTED_VARIABLES_ADMIN`: The ability to see and set sensitive variables in `SHOW [GLOBAL] VARIABLES` and `SET`. + - `RESTRICTED_USER_ADMIN`: The ability to prevent other users from making changes or dropping a user account. + ### tidb_enable_fast_analyze - Scope: SESSION | GLOBAL diff --git a/tidb-configuration-file.md b/tidb-configuration-file.md index d874ffa827931..a03e137705d77 100644 --- a/tidb-configuration-file.md +++ b/tidb-configuration-file.md 
@@ -268,6 +268,12 @@ Configuration items related to log files. Configuration items related to security. +### `enable-sem` + +- Enable the Security Enhanced Mode (SEM). +- Default value: `false` +- The status of security enhanced mode is available via the system variable [`tidb_enable_enhanced_security`](/system-variables.md#tidb_enable_enhanced_security). + ### `ssl-ca` - The file path of the trusted CA certificate in the PEM format. From c8758d7b8c130ed8c52aa331e27110c383fed166 Mon Sep 17 00:00:00 2001 From: Morgan Tocker Date: Tue, 25 May 2021 14:19:40 -0600 Subject: [PATCH 2/2] Add clarification on scope NONE --- system-variables.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/system-variables.md b/system-variables.md index 55f7d353fde0e..ad3616e97ab6c 100644 --- a/system-variables.md +++ b/system-variables.md @@ -10,6 +10,7 @@ TiDB system variables behave similar to MySQL with some differences, in that set - Changes to `GLOBAL` scoped variables **only apply to new connection sessions with TiDB**. Currently active connection sessions are not affected. These changes are persisted and valid after restarts. - Changes to `INSTANCE` scoped variables apply to all active or new connection sessions with the current TiDB instance immediately after the changes are made. Other TiDB instances are not affected. These changes are not persisted and become invalid after TiDB restarts. +- Variables can also have `NONE` scope. These variables are read-only, and are typically used to convey static information that will not change after a TiDB server has started. Variables can be set with the [`SET` statement](/sql-statements/sql-statement-set-variable.md) on a per-session, instance or global basis: 
@@ -431,7 +432,7 @@ Constraint checking is always performed in place for pessimistic transactions (d - Scope: NONE - Default value: OFF -- This variable indicates if the TiDB server you are connected to was started with Security Enhanced Mode (SEM) enabled. +- This variable indicates if the TiDB server you are connected to has Security Enhanced Mode (SEM) enabled, and can not be changed without restarting the TiDB server. - SEM is inspired by the design of systems such as [Security-Enhanced Linux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux). It reduces the capabilities of users with the MySQL `SUPER` privilege, and instead requires `RESTRICTED` fine grained privileges to be granted as a replacement. These include: - `RESTRICTED_TABLES_ADMIN`: The ability to write to system tables in the `mysql` schema, and see sensitive columns on `information_schema` tables. - `RESTRICTED_STATUS_ADMIN`: The ability to see sensitive variables in the command `SHOW STATUS`.
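Review bot: in the first hunk of patch 1 (system-variables.md, `tidb_enable_enhanced_security`), `Scope: NONE` is used before the file defines that scope; the scope list at the top of the file, visible as context in patch 2, only gains a `NONE` bullet in the second patch, so either land that change first or squash the two so the term is never undefined. The entry also never says how SEM is switched on; add a back-link to the `enable-sem` configuration item so the cross-reference works in both directions, not just from the config file to the variable. Minor wording: "fine grained" should be "fine-grained", and the `RESTRICTED_USER_ADMIN` bullet ("The ability to prevent other users from making changes or dropping a user account") is ambiguous about who is protected; if the intent is that an account holding the privilege cannot be altered or dropped by other users, say so directly.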
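Review bot: in the tidb-configuration-file.md hunk of patch 1, the `enable-sem` entry does not state that the setting is read at server start and cannot be changed at runtime, which the variable description in patch 2 spells out ("can not be changed without restarting the TiDB server"); repeat that here, since the configuration file is where an operator will look when enabling the mode. The entry also gives no hint of the effect, while the variable entry explains that SEM reduces the capabilities of accounts holding `SUPER` and expects `RESTRICTED_*` privileges to be granted instead; a one-sentence summary next to the existing link would let an operator see that enabling it in a config file changes what existing administrative accounts can do. Style: "security enhanced mode" in the last bullet should be capitalized to match "Security Enhanced Mode (SEM)" two lines above.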
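Review bot: in the first hunk of patch 2 (the new `NONE` scope bullet), "read-only" is asserted but the bullet does not say what a client gets when it runs `SET` against such a variable, nor whether the value is visible through `SHOW VARIABLES`; the neighbouring `GLOBAL` and `INSTANCE` bullets each state when changes take effect and whether they persist, so this bullet should reach the same level of detail. "typically used to convey static information" also leaves open whether any `NONE` variable can change after start; if none can, drop "typically" and state it plainly.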
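Review bot: in the second hunk of patch 2, "can not" should be "cannot" in the rewritten description line ("and can not be changed without restarting the TiDB server"). The rewording itself is a good fix, since the original "was started with ... enabled" described a boot-time snapshot without saying the value stays fixed for the life of the process.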