Dynamic privileges for RDS for MySQL

Dynamic privileges are MySQL privileges that you can explicitly grant by using the GRANT statement. Depending on your version of RDS for MySQL, RDS allows you to grant only specific dynamic privileges. RDS disallows some of these privileges because they can interfere with the specific database operations, such as replication and backup.

The following table shows which of these privileges you can grant for different MySQL versions. If you are upgrading from a MySQL version lower than 8.0.36 to version 8.0.36 or higher, you might have to update your application code if granting a particular privilege is no longer allowed.

Privilege	MySQL 8.0.35 and lower	MySQL 8.0.36 and higher minor versions	MySQL 8.4.3 and higher
ALLOW_NONEXISTENT_DEFINER	Not available	Not available	Disallowed
APPLICATION_PASSWORD_ADMIN	Allowed	Allowed	Allowed
AUDIT_ABORT_EXEMPT	Allowed	Disallowed	Disallowed
AUDIT_ADMIN	Disallowed	Disallowed	Disallowed
AUTHENTICATION_POLICY_ADMIN	Allowed	Disallowed	Disallowed
BACKUP_ADMIN	Allowed	Disallowed	Disallowed
BINLOG_ADMIN	Allowed	Disallowed	Disallowed
BINLOG_ENCRYPTION_ADMIN	Disallowed	Disallowed	Disallowed
CLONE_ADMIN	Disallowed	Disallowed	Disallowed
CONNECTION_ADMIN	Allowed	Disallowed	Disallowed
ENCRYPTION_KEY_ADMIN	Disallowed	Disallowed	Disallowed
FIREWALL_ADMIN	Disallowed	Disallowed	Disallowed
FIREWALL_EXEMPT	Allowed	Disallowed	Disallowed
FIREWALL_USER	Disallowed	Disallowed	Disallowed
FLUSH_OPTIMIZER_COSTS	Allowed	Allowed	Allowed
FLUSH_PRIVILEGES	Not available	Not available	Allowed
FLUSH_STATUS	Allowed	Allowed	Allowed
FLUSH_TABLES	Allowed	Allowed	Allowed
FLUSH_USER_RESOURCES	Allowed	Allowed	Allowed
GROUP_REPLICATION_ADMIN	Disallowed	Disallowed	Disallowed
GROUP_REPLICATION_STREAM	Disallowed	Disallowed	Disallowed
INNODB_REDO_LOG_ARCHIVE	Disallowed	Disallowed	Disallowed
INNODB_REDO_LOG_ENABLE	Disallowed	Disallowed	Disallowed
MASKING_DICTIONARIES_ADMIN	Disallowed	Disallowed	Disallowed
NDB_STORED_USER	Disallowed	Disallowed	Disallowed
OPTIMIZE_LOCAL_TABLE	Not available	Not available	Disallowed
PASSWORDLESS_USER_ADMIN	Disallowed	Disallowed	Disallowed
PERSIST_RO_VARIABLES_ADMIN	Disallowed	Disallowed	Disallowed
REPLICATION_APPLIER	Allowed	Disallowed	Disallowed
REPLICATION_SLAVE_ADMIN	Disallowed	Disallowed	Disallowed
RESOURCE_GROUP_ADMIN	Allowed	Disallowed	Disallowed
RESOURCE_GROUP_USER	Allowed	Disallowed	Disallowed
ROLE_ADMIN	Allowed	Allowed	Allowed
SENSITIVE_VARIABLES_OBSERVER	Allowed	Allowed	Allowed
SERVICE_CONNECTION_ADMIN	Allowed	Disallowed	Disallowed
SESSION_VARIABLES_ADMIN	Allowed	Allowed	Allowed
SET_ANY_DEFINER	Not available	Not available	Allowed
SET_USER_ID	Allowed	Allowed	Not available
SHOW_ROUTINE	Allowed	Allowed	Allowed
SKIP_QUERY_REWRITE	Disallowed	Disallowed	Disallowed
SYSTEM_USER	Disallowed	Disallowed	Disallowed
SYSTEM_VARIABLES_ADMIN	Disallowed	Disallowed	Disallowed
TABLE_ENCRYPTION_ADMIN	Disallowed	Disallowed	Disallowed
TELEMETRY_LOG_ADMIN	Allowed	Disallowed	Disallowed
TP_CONNECTION_ADMIN	Disallowed	Disallowed	Disallowed
TRANSACTION_GTID_TAG	Not available	Not available	Disallowed
VERSION_TOKEN_ADMIN	Disallowed	Disallowed	Disallowed
XA_RECOVER_ADMIN	Allowed	Allowed	Allowed

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Role-based privilege model

Ending a session or query