sql: add FLUSH PRIVILEGES hint

[lastzero]

It looked like FLUSH PRIVILEGES is not implemented because of pingcap/tidb#674. user-account-management.md also didn't mention it. I've added to all relevant pages.

[CLAassistant]

All committers have signed the CLA.

[morgo]

May I request you make it clearer:

• FLUSH PRIVILEGES is only required in the case of updates directly to the tables.
• If you use GRANT, SET PASSWORD, DROP USER, CREATE USER etc, FLUSH PRIVILEGES is run automatically.

[lastzero]

That's exactly what didn't work for me. Maybe it runs automatically, but not immediately?

Context: https://github.com/photoprism/photoprism/blob/develop/internal/tidb/init.go

[lastzero]

If you are absolutely sure and it counts as a bug if it doesn't work immediately, I'll invest more time to debug the issue with unit tests 👍

[lonng]

@morgo pingcap/tidb#8886

May I request you make it clearer:

• FLUSH PRIVILEGES is only required in the case of updates directly to the tables.
• If you use GRANT, SET PASSWORD, DROP USER, CREATE USER etc, FLUSH PRIVILEGES is run automatically.

Should execute FLUSH PRIVILEGES manually in the current release. If I am wrong, please point them out.

[lastzero]

Should execute FLUSH PRIVILEGES manually in the current release. If I am wrong, please point them out.

This is also what your CTO told me. IMHO the docs should mention that, independent of what future releases might do. Does running FLUSH PRIVILEGE cause any harm I am not aware of?

[morgo]

If you are absolutely sure and it counts as a bug if it doesn't work immediately, I'll invest more time to debug the issue with unit tests 👍

Yes, I worked on this code recently: pingcap/tidb#8886

When you run FLUSH PRIVILEGES, it sends a notification to etcd to update privileges. The bug I fixed was so that if there is no etcd (i.e. the test suite) it also runs FLUSH PRIVILEGES synchronously.

This is MySQL compatible behavior.

Does running FLUSH PRIVILEGE cause any harm I am not aware of?

Yes it can be an expensive command if there is a large number of users.

[lastzero]

Ah, fixed 5 days ago? No wonder it doesn't work for me.

What about users that run older versions?

[morgo]

Ah, fixed 5 days ago? No wonder it doesn't work for me.

I fixed it for the case of the test suite 5 days ago, if you have etcd, the notification channel should still work. If it doesn't, that is a new bug.

What about users that run older versions?

The docs are internally versioned (although currently the website only shows 'master' - that is something that is being worked on). /cc @queenypingcap

[lastzero]

We use the local version for our software. I know, special use case. We are a test suite for new ideas.

[lastzero]

Also it seems there are ready-to-use Docker images out there, that use the local version. These people will waste a lot of time figuring out what's wrong, like I did. At least half a day.

[morgo]

We use the local version for our software. I know, special use case. We are a test suite for new ideas.

Do you mean tidb w/mocktikv (no tikv or pd)? If so, that was my motivation for fixing that bug :-) As well as this one pingcap/tidb#8836. I would love to chat more if you don't mind me emailing you.

Also it seems there are ready-to-use Docker images out there, that use the local version. These people will waste a lot of time figuring out what's wrong, like I did. At least half a day.

If it is documented as it is though, that means it is intended behavior. It is not intended, or MySQL compatible. We could change the wording and apply to non-master docs, or we could backport the fix to existing GA releases. I am fine with either approach.

[morgo]

We could change the wording and apply to non-master docs, or we could backport the fix to existing GA releases. I am fine with either approach.

I had a chat with @shenli. I will prepare a patch to backport to the 2.1 branch.

[morgo]

A backport to 2.1 is now pending review pingcap/tidb#8948

[lastzero]

I would love to chat more if you don't mind me emailing you.

Sounds good! Let's have a chat, here are my contact details: https://blog.liquidbytes.net/contact/

[morgo]

Changes LGTM. Thanks for editing!

[CaitinChen]

Suggested change

	If you modified the grant tables directly, please run the following command to apply changes immediately:
	If you modified the grant tables directly, run the following command to apply changes immediately:

[CaitinChen]

We usually do not use "please" in technical documents.

[CaitinChen]

Suggested change

	See [Privilege Management](privilege.md) for details.
	For details, see [Privilege Management](../sql/privilege.md).

[lastzero]

Is ../sql/ a mistake? Both documents are in sql, so ../sql is the same directory.

[CaitinChen]

@lastzero No, ../sql/ is not a mistake. Your link path is correct on GitHub, but on the PingCAP website it will be a broken link.
Our link rule: Any relative path that links to another file must start from the level of the root directory.
We updated the link path rule for SEO. Thanks for your cooperation :)

[lastzero]

Interesting. You use pandoc, right? In my own projects, MkDocs automatically creates the right links in HTML as needed.

[CaitinChen]

@lastzero We do use pandoc to convert HTML to PDF, but it has nothing to do with our links in the documents.
We have our own link rule because of the complex hierarchical relationship in our website.

[CaitinChen]

@lastzero Thanks for your contribution!

[CaitinChen]

LGTM