pingcap/tidb

set session level `sql_require_primary_key` didn't check privilege

Open

#61,825 opened on Jun 19, 2025

View on GitHub
 (4 comments) (0 reactions) (0 assignees)Go (6,186 forks)batch import
good first issueseverity/moderatesig/sql-infratype/bug

Repository metrics

Stars
 (40,090 stars)
PR merge metrics
 (Avg merge 14d 4h) (369 merged PRs in 30d)

Description

Bug Report

Please answer these questions before submitting your issue. Thanks!

1. Minimal reproduce step (Required)

mysql> CREATE USER 'test'@'%' IDENTIFIED BY '';
Query OK, 0 rows affected (0.027 sec)
$ mysql -u test -h 127.0.0.1 -P 4000
...
mysql> set sql_require_primary_key = 0;
Query OK, 0 rows affected (0.000 sec)

mysql> set global sql_require_primary_key = 0;
ERROR 1227 (42000): Access denied; you need (at least one of) the SUPER or SYSTEM_VARIABLES_ADMIN privilege(s) for this operation

2. What did you expect to see? (Required)

both session and global level should fail. https://dev.mysql.com/doc/refman/8.4/en/server-system-variables.html#sysvar_sql_require_primary_key

3. What did you see instead (Required)

session level has no error

4. What is your TiDB version? (Required)

at least v8.5.2

Contributor guide