MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that

Add a new privilege "SLAVE MONITOR" which will grant user the permission
to execute "SHOW SLAVE STATUS" and "SHOW RELAYLOG EVENTS" commands.

SHOW SLAVE STATUS requires either SLAVE MONITOR/SUPER
SHOW RELAYLOG EVENTS requires SLAVE MONITOR privilege.

20 files changed, 350 insertions, 114 deletions

diff --git a/mysql-test/main/grant.result b/mysql-test/main/grant.result
index 01daf027186..671b6dc4247 100644
--- a/mysql-test/main/grant.result
+++ b/mysql-test/main/grant.result
@@ -624,7 +624,8 @@ Reload	Server Admin	To reload or refresh tables, logs and privileges
 Binlog admin	Server	To purge binary logs
 Binlog monitor	Server	To use SHOW BINLOG STATUS and SHOW BINARY LOG
 Replication master admin	Server	To monitor connected slaves
-Replication slave admin	Server	To start/monitor/stop slave and apply binlog events
+Replication slave admin	Server	To start/stop slave and apply binlog events
+Slave monitor	Server	To use SHOW SLAVE STATUS and SHOW RELAYLOG EVENTS
 Replication slave	Server Admin	To read binary log events from the master
 Select	Tables	To retrieve rows from table
 Show databases	Server Admin	To see all databases with SHOW DATABASES
@@ -1966,10 +1967,11 @@ GRANT REPLICATION SLAVE       ON *.* TO mysqltest_u1@localhost;
 GRANT SHOW DATABASES          ON *.* TO mysqltest_u1@localhost;
 GRANT SHUTDOWN                ON *.* TO mysqltest_u1@localhost;
 GRANT USAGE                   ON *.* TO mysqltest_u1@localhost;
+GRANT SLAVE MONITOR           ON *.* TO mysqltest_u1@localhost;
 
 SHOW GRANTS FOR mysqltest_u1@localhost;
 Grants for mysqltest_u1@localhost
-GRANT RELOAD, SHUTDOWN, PROCESS, FILE, SHOW DATABASES, REPLICATION SLAVE, BINLOG MONITOR, CREATE USER ON *.* TO `mysqltest_u1`@`localhost`
+GRANT RELOAD, SHUTDOWN, PROCESS, FILE, SHOW DATABASES, REPLICATION SLAVE, BINLOG MONITOR, CREATE USER, SLAVE MONITOR ON *.* TO `mysqltest_u1`@`localhost`
 GRANT CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE ROUTINE, ALTER ROUTINE, EVENT ON `mysqltest_db1`.* TO `mysqltest_u1`@`localhost`
 connect  con1,localhost,mysqltest_u1,,mysqltest_db1;
 connection con1;
diff --git a/mysql-test/main/grant.test b/mysql-test/main/grant.test
index 38baf673825..a81e77567b5 100644
--- a/mysql-test/main/grant.test
+++ b/mysql-test/main/grant.test
@@ -1833,6 +1833,7 @@ GRANT REPLICATION SLAVE       ON *.* TO mysqltest_u1@localhost;
 GRANT SHOW DATABASES          ON *.* TO mysqltest_u1@localhost;
 GRANT SHUTDOWN                ON *.* TO mysqltest_u1@localhost;
 GRANT USAGE                   ON *.* TO mysqltest_u1@localhost;
+GRANT SLAVE MONITOR           ON *.* TO mysqltest_u1@localhost;
 
 --echo
 SHOW GRANTS FOR mysqltest_u1@localhost;
diff --git a/mysql-test/main/grant_slave_admin.result b/mysql-test/main/grant_slave_admin.result
index 12f0694e9eb..0f1f2c9985f 100644
--- a/mysql-test/main/grant_slave_admin.result
+++ b/mysql-test/main/grant_slave_admin.result
@@ -18,8 +18,6 @@ CHANGE MASTER TO MASTER_HOST='127.0.0.1';
 ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
 STOP SLAVE;
 ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
-SHOW SLAVE STATUS;
-ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
 disconnect con1;
 connection default;
 DROP USER user1@localhost;
@@ -39,7 +37,6 @@ CHANGE MASTER TO MASTER_USER='root';
 STOP SLAVE;
 Warnings:
 Note	1255	Slave already has been stopped
-SHOW SLAVE STATUS;
 disconnect con1;
 connection default;
 DROP USER user1@localhost;
@@ -59,31 +56,6 @@ CHANGE MASTER TO MASTER_USER='root';
 STOP SLAVE;
 Warnings:
 Note	1255	Slave already has been stopped
-SHOW SLAVE STATUS;
-disconnect con1;
-connection default;
-DROP USER user1@localhost;
-#
-# Test that SHOW RELAYLOG EVENTS is not allowed without REPLICATION SLAVE ADMIN
-#
-CREATE USER user1@localhost IDENTIFIED BY '';
-GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
-REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
-connect  con1,localhost,user1,,;
-connection con1;
-SHOW RELAYLOG EVENTS;
-ERROR 42000: Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
-disconnect con1;
-connection default;
-DROP USER user1@localhost;
-#
-# Test that SHOW RELAYLOG EVENTS is allowed with REPLICATION SLAVE ADMIN
-#
-CREATE USER user1@localhost IDENTIFIED BY '';
-GRANT REPLICATION SLAVE ADMIN ON *.* TO user1@localhost;
-connect  con1,localhost,user1,,;
-connection con1;
-SHOW RELAYLOG EVENTS;
 disconnect con1;
 connection default;
 DROP USER user1@localhost;
diff --git a/mysql-test/main/grant_slave_admin.test b/mysql-test/main/grant_slave_admin.test
index f17f8689b9f..d73c31e0cf2 100644
--- a/mysql-test/main/grant_slave_admin.test
+++ b/mysql-test/main/grant_slave_admin.test
@@ -24,8 +24,6 @@ START SLAVE;
 CHANGE MASTER TO MASTER_HOST='127.0.0.1';
 --error ER_SPECIFIC_ACCESS_DENIED_ERROR
 STOP SLAVE;
---error ER_SPECIFIC_ACCESS_DENIED_ERROR
-SHOW SLAVE STATUS;
 disconnect con1;
 
 connection default;
@@ -46,9 +44,6 @@ connection con1;
 START SLAVE;
 CHANGE MASTER TO MASTER_USER='root';
 STOP SLAVE;
---disable_result_log
-SHOW SLAVE STATUS;
---enable_result_log
 disconnect con1;
 
 connection default;
@@ -69,51 +64,11 @@ connection con1;
 START SLAVE;
 CHANGE MASTER TO MASTER_USER='root';
 STOP SLAVE;
---disable_result_log
-SHOW SLAVE STATUS;
---enable_result_log
 disconnect con1;
 
 connection default;
 DROP USER user1@localhost;
 
-
-
---echo #
---echo # Test that SHOW RELAYLOG EVENTS is not allowed without REPLICATION SLAVE ADMIN
---echo #
-
-CREATE USER user1@localhost IDENTIFIED BY '';
-GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
-REVOKE REPLICATION SLAVE ADMIN ON *.* FROM user1@localhost;
-connect (con1,localhost,user1,,);
-connection con1;
---disable_ps_protocol
---error ER_SPECIFIC_ACCESS_DENIED_ERROR
-SHOW RELAYLOG EVENTS;
---enable_ps_protocol
-disconnect con1;
-connection default;
-DROP USER user1@localhost;
-
---echo #
---echo # Test that SHOW RELAYLOG EVENTS is allowed with REPLICATION SLAVE ADMIN
---echo #
-
-CREATE USER user1@localhost IDENTIFIED BY '';
-GRANT REPLICATION SLAVE ADMIN ON *.* TO user1@localhost;
-connect (con1,localhost,user1,,);
-connection con1;
---disable_ps_protocol
---disable_result_log
-SHOW RELAYLOG EVENTS;
---enable_result_log
---enable_ps_protocol
-disconnect con1;
-connection default;
-DROP USER user1@localhost;
-
-
 --echo #
 --echo # End of 10.5 tests
 --echo #
diff --git a/mysql-test/main/grant_slave_monitor.result b/mysql-test/main/grant_slave_monitor.result
new file mode 100644
index 00000000000..e53d8c0e678
--- /dev/null
+++ b/mysql-test/main/grant_slave_monitor.result
@@ -0,0 +1,55 @@
+CREATE USER user1@localhost IDENTIFIED BY '';
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE SLAVE MONITOR, SUPER ON *.* FROM user1@localhost;
+FLUSH PRIVILEGES;
+connect con1,localhost,user1,,;
+connection con1;
+SHOW GRANTS;
+Grants for user1@localhost
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user1`@`localhost`
+#
+# Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW SLAVE STATUS
+# Expected error: Access denied; you need (at least one of) the SUPER, SLAVE
+#                 MONITOR privilege(s) for this operation
+#
+SHOW SLAVE STATUS;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, SLAVE MONITOR privilege(s) for this operation
+#
+# Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW RELAYLOG EVENTS
+# Expected error: Access denied; you need (at least one of) the REPLICA MONITOR
+#                 privilege(s) for this operation
+#
+SHOW RELAYLOG EVENTS;
+ERROR 42000: Access denied; you need (at least one of) the SLAVE MONITOR privilege(s) for this operation
+disconnect con1;
+# 
+# SHOW SLAVE STATUS and SHOW RELAYLOG EVENTS are allowed with SLAVE MONITOR privilege
+#
+connection default;
+GRANT SLAVE MONITOR ON *.* TO user1@localhost;
+FLUSH PRIVILEGES;
+connect con1,localhost,user1,,;
+connection con1;
+SHOW GRANTS;
+Grants for user1@localhost
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user1`@`localhost`
+SHOW SLAVE STATUS;
+SHOW RELAYLOG EVENTS;
+disconnect con1;
+connection default;
+DROP USER user1@localhost;
+#
+# SHOW SLAVE STATUS command is allowed with SUPER privilege
+#
+CREATE USER user1@localhost IDENTIFIED BY '';
+GRANT SUPER ON *.* TO user1@localhost;
+connect con1,localhost,user1,,;
+SHOW SLAVE STATUS;
+#
+# SHOW RELAYLOG EVENTS is not allowed with SUPER privilege, it requires SLAVE MONITOR
+#
+SHOW RELAYLOG EVENTS;
+ERROR 42000: Access denied; you need (at least one of) the SLAVE MONITOR privilege(s) for this operation
+disconnect con1;
+connection default;
+DROP USER user1@localhost;
diff --git a/mysql-test/main/grant_slave_monitor.test b/mysql-test/main/grant_slave_monitor.test
new file mode 100644
index 00000000000..7dacaa36aee
--- /dev/null
+++ b/mysql-test/main/grant_slave_monitor.test
@@ -0,0 +1,101 @@
+# ==== Purpose ====
+#
+# SLAVE MONITOR privilege is required to execute following commands.
+#   SHOW SLAVE STATUS
+#   SHOW RELAYLOG EVENTS
+#
+# ==== Implementation ====
+#
+# Step1: GRANT ALL privileges for a new user 'user1' and then REVOKE
+#        SLAVE MONITOR and SUPER privileges.
+# Step2: Execute SHOW SLAVE STAUTS/SHOW RELAYLOG EVENTS commands and expect
+#        ER_SPECIFIC_ACCESS_DENIED_ERROR. This also verifies that REPLICATION
+#        SLAVE ADMIN privilege is not required for these two commands.
+# Step3: GRANT SLAVE MONITOR privilege and observe that both commands are
+#        allowd to execute.
+# Step4: GRANT SUPER privilege and observe that only SHOW SLAVE STATUS command
+#        is allowed.
+#
+# ==== References ====
+#
+# MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade
+#             to 10.5, mysql_upgrade should take of that
+# MDEV-23918: admin privlege required to view contents of relay logs in 10.5
+#
+
+--source include/not_embedded.inc
+
+CREATE USER user1@localhost IDENTIFIED BY '';
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE SLAVE MONITOR, SUPER ON *.* FROM user1@localhost;
+FLUSH PRIVILEGES;
+
+--connect(con1,localhost,user1,,)
+--connection con1
+SHOW GRANTS;
+
+--echo #
+--echo # Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW SLAVE STATUS
+--echo # Expected error: Access denied; you need (at least one of) the SUPER, SLAVE
+--echo #                 MONITOR privilege(s) for this operation
+--echo #
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+SHOW SLAVE STATUS;
+
+--echo #
+--echo # Verify that having REPLICATION SLAVE ADMIN doesn't allow SHOW RELAYLOG EVENTS
+--echo # Expected error: Access denied; you need (at least one of) the REPLICA MONITOR
+--echo #                 privilege(s) for this operation
+--echo #
+--disable_ps_protocol
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+SHOW RELAYLOG EVENTS;
+--enable_ps_protocol
+--disconnect con1
+
+--echo #
+--echo # SHOW SLAVE STATUS and SHOW RELAYLOG EVENTS are allowed with SLAVE MONITOR privilege
+--echo #
+
+--connection default
+GRANT SLAVE MONITOR ON *.* TO user1@localhost;
+FLUSH PRIVILEGES;
+
+--connect(con1,localhost,user1,,)
+--connection con1
+SHOW GRANTS;
+
+--disable_result_log
+SHOW SLAVE STATUS;
+--disable_ps_protocol
+SHOW RELAYLOG EVENTS;
+--enable_ps_protocol
+--enable_result_log
+--disconnect con1
+
+--connection default
+DROP USER user1@localhost;
+
+--echo #
+--echo # SHOW SLAVE STATUS command is allowed with SUPER privilege
+--echo #
+CREATE USER user1@localhost IDENTIFIED BY '';
+GRANT SUPER ON *.* TO user1@localhost;
+
+--connect(con1,localhost,user1,,)
+--disable_result_log
+SHOW SLAVE STATUS;
+--enable_result_log
+
+--echo #
+--echo # SHOW RELAYLOG EVENTS is not allowed with SUPER privilege, it requires SLAVE MONITOR
+--echo #
+
+--disable_ps_protocol
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+SHOW RELAYLOG EVENTS;
+--enable_ps_protocol
+--disconnect con1
+
+--connection default
+DROP USER user1@localhost;
diff --git a/mysql-test/main/mysql_upgrade_to_100502.result b/mysql-test/main/mysql_upgrade_to_100502.result
index 85fae5afc22..15095809092 100644
--- a/mysql-test/main/mysql_upgrade_to_100502.result
+++ b/mysql-test/main/mysql_upgrade_to_100502.result
@@ -18,7 +18,37 @@ CREATE USER user_super_replslave@localhost;
 GRANT SUPER, REPLICATION SLAVE ON *.* TO user_super_replslave@localhost;
 SHOW GRANTS FOR user_super_replslave@localhost;
 Grants for user_super_replslave@localhost
-GRANT SUPER, REPLICATION SLAVE, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user_super_replslave`@`localhost`
+GRANT SUPER, REPLICATION SLAVE, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super_replslave`@`localhost`
+#
+# MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that
+#
+#
+# Users with privilege SUPER prior to 10.5 should successfully execute
+# SHOW SLAVE STATUS command
+#
+CREATE USER user_replsuper@localhost;
+GRANT SUPER ON *.* TO user_replsuper@localhost;
+SHOW GRANTS FOR user_replsuper@localhost;
+Grants for user_replsuper@localhost
+GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user_replsuper`@`localhost`
+#
+# Users with privilege REPLICATION CLIENT prior to 10.5 should successfully execute
+# SHOW SLAVE STATUS command
+#
+CREATE USER user_replclient@localhost;
+GRANT REPLICATION CLIENT ON *.* TO user_replclient@localhost;
+SHOW GRANTS FOR user_replclient@localhost;
+Grants for user_replclient@localhost
+GRANT BINLOG MONITOR ON *.* TO `user_replclient`@`localhost`
+#
+# Users with privilege REPLICATION SLAVE prior to 10.5 should successfully execute
+# SHOW RELAYLOG EVENTS command
+#
+CREATE USER user_replslave@localhost;
+GRANT REPLICATION SLAVE ON *.* TO user_replslave@localhost;
+SHOW GRANTS FOR user_replslave@localhost;
+Grants for user_replslave@localhost
+GRANT REPLICATION SLAVE, REPLICATION MASTER ADMIN, SLAVE MONITOR ON *.* TO `user_replslave`@`localhost`
 # mysql_upgrade --force --silent 2>&1
 FLUSH PRIVILEGES;
 #
@@ -38,7 +68,35 @@ GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLI
 #
 SHOW GRANTS FOR user_super_replslave@localhost;
 Grants for user_super_replslave@localhost
-GRANT SUPER, REPLICATION SLAVE, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user_super_replslave`@`localhost`
+GRANT SUPER, REPLICATION SLAVE, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super_replslave`@`localhost`
+#
+# MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that
+#
+#
+# Should automatically get BINLOG MONITOR and REPLICA MONITOR
+#
+SHOW GRANTS FOR user_replclient@localhost;
+Grants for user_replclient@localhost
+GRANT BINLOG MONITOR, SLAVE MONITOR ON *.* TO `user_replclient`@`localhost`
+#
+# Should automatically get REPLICA MONITOR
+#
+SHOW GRANTS FOR user_replslave@localhost;
+Grants for user_replslave@localhost
+GRANT REPLICATION SLAVE, SLAVE MONITOR ON *.* TO `user_replslave`@`localhost`
+connect  con1,localhost,user_super_replslave,,test;
+connection con1;
+SHOW SLAVE STATUS;
+disconnect con1;
+connect  con1,localhost,user_replclient,,test;
+connection con1;
+SHOW SLAVE STATUS;
+disconnect con1;
+connect  con1,localhost,user_replslave,,test;
+connection con1;
+SHOW RELAYLOG EVENTS;
+disconnect con1;
+connection default;
 SELECT
 json_value(Priv, '$.version_id'),
 json_value(Priv, '$.access'),
@@ -51,6 +109,9 @@ AND
 user LIKE 'user_%';
 json_value(Priv, '$.version_id')	json_value(Priv, '$.access')	user
 NULL	1073741823	user_all
+NULL	1048576	user_replclient
+NULL	524288	user_replslave
+NULL	32768	user_replsuper
 NULL	32768	user_super
 NULL	557056	user_super_replslave
 DROP TABLE mysql.global_priv;
diff --git a/mysql-test/main/mysql_upgrade_to_100502.test b/mysql-test/main/mysql_upgrade_to_100502.test
index b03fb14fe08..b5a44080f17 100644
--- a/mysql-test/main/mysql_upgrade_to_100502.test
+++ b/mysql-test/main/mysql_upgrade_to_100502.test
@@ -25,6 +25,33 @@ CREATE USER user_super_replslave@localhost;
 GRANT SUPER, REPLICATION SLAVE ON *.* TO user_super_replslave@localhost;
 SHOW GRANTS FOR user_super_replslave@localhost;
 
+--echo #
+--echo # MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that
+--echo #
+
+--echo #
+--echo # Users with privilege SUPER prior to 10.5 should successfully execute
+--echo # SHOW SLAVE STATUS command
+--echo #
+CREATE USER user_replsuper@localhost;
+GRANT SUPER ON *.* TO user_replsuper@localhost;
+SHOW GRANTS FOR user_replsuper@localhost;
+
+--echo #
+--echo # Users with privilege REPLICATION CLIENT prior to 10.5 should successfully execute
+--echo # SHOW SLAVE STATUS command
+--echo #
+CREATE USER user_replclient@localhost;
+GRANT REPLICATION CLIENT ON *.* TO user_replclient@localhost;
+SHOW GRANTS FOR user_replclient@localhost;
+
+--echo #
+--echo # Users with privilege REPLICATION SLAVE prior to 10.5 should successfully execute
+--echo # SHOW RELAYLOG EVENTS command
+--echo #
+CREATE USER user_replslave@localhost;
+GRANT REPLICATION SLAVE ON *.* TO user_replslave@localhost;
+SHOW GRANTS FOR user_replslave@localhost;
 
 --echo # mysql_upgrade --force --silent 2>&1
 --exec $MYSQL_UPGRADE --force --silent 2>&1
@@ -46,6 +73,44 @@ SHOW GRANTS FOR user_super@localhost;
 --echo #
 SHOW GRANTS FOR user_super_replslave@localhost;
 
+--echo #
+--echo # MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that
+--echo #
+
+--echo #
+--echo # Should automatically get BINLOG MONITOR and REPLICA MONITOR
+--echo #
+SHOW GRANTS FOR user_replclient@localhost;
+
+--echo #
+--echo # Should automatically get REPLICA MONITOR
+--echo #
+SHOW GRANTS FOR user_replslave@localhost;
+
+--connect (con1,localhost,user_super_replslave,,test)
+--connection con1
+--disable_result_log
+SHOW SLAVE STATUS;
+--enable_result_log
+--disconnect con1
+
+--connect (con1,localhost,user_replclient,,test)
+--connection con1
+--disable_result_log
+SHOW SLAVE STATUS;
+--enable_result_log
+--disconnect con1
+
+--connect (con1,localhost,user_replslave,,test)
+--connection con1
+--disable_ps_protocol
+--disable_result_log
+SHOW RELAYLOG EVENTS;
+--enable_result_log
+--enable_ps_protocol
+--disconnect con1
+
+--connection default
 SELECT
   json_value(Priv, '$.version_id'),
   json_value(Priv, '$.access'),
diff --git a/mysql-test/main/mysqldump-system.result b/mysql-test/main/mysqldump-system.result
index 356396a5169..562a61b91cd 100644
--- a/mysql-test/main/mysqldump-system.result
+++ b/mysql-test/main/mysqldump-system.result
@@ -469,7 +469,7 @@ Host	User	Priv
 localhost	mariadb.sys	{"access":0,"version_id":VERSION,"plugin":"mysql_native_password","authentication_string":"","password_last_changed":NOW,"password_lifetime":-1,"default_role":""}
 	role_1	{"access":16384,"version_id":VERSION,"is_role":true}
 	role_2	{"access":0,"version_id":VERSION,"is_role":true}
-localhost	root	{"access":274877906943,"version_id":VERSION,"plugin":"mysql_native_password","authentication_string":"","password_last_changed":NOW,"default_role":""}
+localhost	root	{"access":549755813887,"version_id":VERSION,"plugin":"mysql_native_password","authentication_string":"","password_last_changed":NOW,"default_role":""}
 CHECKSUM TABLE mysql.roles_mapping, mysql.time_zone_transition, mysql.plugin,
 mysql.servers, mysql.func, mysql.innodb_table_stats, mysql.table_stats;
 Table	Checksum
diff --git a/mysql-test/main/system_mysql_db_error_log.result b/mysql-test/main/system_mysql_db_error_log.result
index da4297b55b3..5af3eda0700 100644
--- a/mysql-test/main/system_mysql_db_error_log.result
+++ b/mysql-test/main/system_mysql_db_error_log.result
@@ -15,7 +15,7 @@ SET @all_known_privileges_current=(SELECT CAST(json_value(Priv, '$.access') AS U
 DROP USER user1@localhost;
 SELECT HEX(@all_known_privileges_current);
 HEX(@all_known_privileges_current)
-3FFFFFFFFF
+7FFFFFFFFF
 CREATE USER bad_access1@localhost;
 UPDATE
 mysql.global_priv
diff --git a/mysql-test/suite/funcs_1/r/innodb_trig_03.result b/mysql-test/suite/funcs_1/r/innodb_trig_03.result
index 2149d21131f..31fc4407dce 100644
--- a/mysql-test/suite/funcs_1/r/innodb_trig_03.result
+++ b/mysql-test/suite/funcs_1/r/innodb_trig_03.result
@@ -78,7 +78,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke TRIGGER on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER on *.* to test_yesprivs@localhost;
 grant SELECT on priv_db.t1 to test_yesprivs@localhost;
@@ -168,7 +168,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke UPDATE  on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER, UPDATE on *.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
@@ -183,7 +183,7 @@ test_noprivs@localhost
 use priv_db;
 show grants;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 select f1 from t1 order by f1;
 f1
 insert 3.5.3.2-no
@@ -441,7 +441,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke SELECT  on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER, SELECT on *.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
@@ -457,7 +457,7 @@ test_noprivs@localhost
 use priv_db;
 show grants;
 Grants for test_noprivs@localhost
-GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 create trigger trg5a_1 before INSERT on t1 for each row
 set @test_var = new.f1;
 connection default;
diff --git a/mysql-test/suite/funcs_1/r/innodb_trig_03e.result b/mysql-test/suite/funcs_1/r/innodb_trig_03e.result
index 8c9e31d30f2..875aa18e81f 100644
--- a/mysql-test/suite/funcs_1/r/innodb_trig_03e.result
+++ b/mysql-test/suite/funcs_1/r/innodb_trig_03e.result
@@ -603,7 +603,7 @@ trig 1_1-yes
 revoke TRIGGER on *.* from test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
 Grants for test_yesprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 disconnect yes_privs;
 connect  yes_privs,localhost,test_yesprivs,PWD,test,$MASTER_MYPORT,$MASTER_MYSOCK;
 select current_user;
@@ -656,7 +656,7 @@ root@localhost
 grant TRIGGER on priv_db.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
 Grants for test_yesprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 GRANT TRIGGER ON `priv_db`.* TO `test_yesprivs`@`localhost`
 
 trigger privilege on db level for create:
diff --git a/mysql-test/suite/funcs_1/r/memory_trig_03.result b/mysql-test/suite/funcs_1/r/memory_trig_03.result
index 7e7886d830f..87f26acff46 100644
--- a/mysql-test/suite/funcs_1/r/memory_trig_03.result
+++ b/mysql-test/suite/funcs_1/r/memory_trig_03.result
@@ -78,7 +78,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke TRIGGER on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER on *.* to test_yesprivs@localhost;
 grant SELECT on priv_db.t1 to test_yesprivs@localhost;
@@ -168,7 +168,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke UPDATE  on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER, UPDATE on *.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
@@ -183,7 +183,7 @@ test_noprivs@localhost
 use priv_db;
 show grants;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 select f1 from t1 order by f1;
 f1
 insert 3.5.3.2-no
@@ -441,7 +441,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke SELECT  on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER, SELECT on *.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
@@ -457,7 +457,7 @@ test_noprivs@localhost
 use priv_db;
 show grants;
 Grants for test_noprivs@localhost
-GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 create trigger trg5a_1 before INSERT on t1 for each row
 set @test_var = new.f1;
 connection default;
diff --git a/mysql-test/suite/funcs_1/r/memory_trig_03e.result b/mysql-test/suite/funcs_1/r/memory_trig_03e.result
index 0ad0be7f781..d100bdfc824 100644
--- a/mysql-test/suite/funcs_1/r/memory_trig_03e.result
+++ b/mysql-test/suite/funcs_1/r/memory_trig_03e.result
@@ -604,7 +604,7 @@ trig 1_1-yes
 revoke TRIGGER on *.* from test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
 Grants for test_yesprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 disconnect yes_privs;
 connect  yes_privs,localhost,test_yesprivs,PWD,test,$MASTER_MYPORT,$MASTER_MYSOCK;
 select current_user;
@@ -657,7 +657,7 @@ root@localhost
 grant TRIGGER on priv_db.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
 Grants for test_yesprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 GRANT TRIGGER ON `priv_db`.* TO `test_yesprivs`@`localhost`
 
 trigger privilege on db level for create:
diff --git a/mysql-test/suite/funcs_1/r/myisam_trig_03.result b/mysql-test/suite/funcs_1/r/myisam_trig_03.result
index 7e7886d830f..87f26acff46 100644
--- a/mysql-test/suite/funcs_1/r/myisam_trig_03.result
+++ b/mysql-test/suite/funcs_1/r/myisam_trig_03.result
@@ -78,7 +78,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke TRIGGER on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER on *.* to test_yesprivs@localhost;
 grant SELECT on priv_db.t1 to test_yesprivs@localhost;
@@ -168,7 +168,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke UPDATE  on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER, UPDATE on *.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
@@ -183,7 +183,7 @@ test_noprivs@localhost
 use priv_db;
 show grants;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 select f1 from t1 order by f1;
 f1
 insert 3.5.3.2-no
@@ -441,7 +441,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke SELECT  on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER, SELECT on *.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
@@ -457,7 +457,7 @@ test_noprivs@localhost
 use priv_db;
 show grants;
 Grants for test_noprivs@localhost
-GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 create trigger trg5a_1 before INSERT on t1 for each row
 set @test_var = new.f1;
 connection default;
diff --git a/mysql-test/suite/funcs_1/r/myisam_trig_03e.result b/mysql-test/suite/funcs_1/r/myisam_trig_03e.result
index 73eb0336eef..22db7ad337e 100644
--- a/mysql-test/suite/funcs_1/r/myisam_trig_03e.result
+++ b/mysql-test/suite/funcs_1/r/myisam_trig_03e.result
@@ -604,7 +604,7 @@ trig 1_1-yes
 revoke TRIGGER on *.* from test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
 Grants for test_yesprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 disconnect yes_privs;
 connect  yes_privs,localhost,test_yesprivs,PWD,test,$MASTER_MYPORT,$MASTER_MYSOCK;
 select current_user;
@@ -657,7 +657,7 @@ root@localhost
 grant TRIGGER on priv_db.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
 Grants for test_yesprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 GRANT TRIGGER ON `priv_db`.* TO `test_yesprivs`@`localhost`
 
 trigger privilege on db level for create:
diff --git a/sql/privilege.h b/sql/privilege.h
index 37cdf4da01a..8d4f5bc5b57 100644
--- a/sql/privilege.h
+++ b/sql/privilege.h
@@ -66,7 +66,8 @@ enum privilege_t: unsigned long long
   REPL_SLAVE_ADMIN_ACL  = (1ULL << 34), // Added in 10.5.2
   REPL_MASTER_ADMIN_ACL = (1ULL << 35), // Added in 10.5.2
   BINLOG_ADMIN_ACL      = (1ULL << 36), // Added in 10.5.2
-  BINLOG_REPLAY_ACL     = (1ULL << 37)  // Added in 10.5.2
+  BINLOG_REPLAY_ACL     = (1ULL << 37), // Added in 10.5.2
+  SLAVE_MONITOR_ACL     = (1ULL << 38)  // Added in 10.5.9
   /*
     When adding new privilege bits, don't forget to update:
     In this file:
@@ -93,13 +94,18 @@ enum privilege_t: unsigned long long
   */
 };
 
+constexpr static inline privilege_t ALL_KNOWN_BITS(privilege_t x)
+{
+  return (privilege_t)(x | (x-1));
+}
 
 // Version markers
 constexpr privilege_t LAST_100304_ACL= DELETE_HISTORY_ACL;
 constexpr privilege_t LAST_100502_ACL= BINLOG_REPLAY_ACL;
+constexpr privilege_t LAST_100509_ACL= SLAVE_MONITOR_ACL;
 
 // Current version markers
-constexpr privilege_t LAST_CURRENT_ACL= LAST_100502_ACL;
+constexpr privilege_t LAST_CURRENT_ACL= LAST_100509_ACL;
 constexpr uint PRIVILEGE_T_MAX_BIT=
               my_bit_log2_uint64((ulonglong) LAST_CURRENT_ACL);
 
@@ -108,15 +114,16 @@ static_assert((privilege_t)(1ULL << PRIVILEGE_T_MAX_BIT) == LAST_CURRENT_ACL,
               "LAST_CURRENT_ACL and PRIVILEGE_T_MAX_BIT do not match");
 
 // A combination of all bits defined in 10.3.4 (and earlier)
-constexpr privilege_t ALL_KNOWN_ACL_100304 =
-  (privilege_t) ((LAST_100304_ACL << 1) - 1);
+constexpr privilege_t ALL_KNOWN_ACL_100304 = ALL_KNOWN_BITS(LAST_100304_ACL);
 
 // A combination of all bits defined in 10.5.2
-constexpr privilege_t ALL_KNOWN_ACL_100502=
-  (privilege_t) ((LAST_100502_ACL << 1) - 1);
+constexpr privilege_t ALL_KNOWN_ACL_100502= ALL_KNOWN_BITS(LAST_100502_ACL);
+
+// A combination of all bits defined in 10.5.9
+constexpr privilege_t ALL_KNOWN_ACL_100509= ALL_KNOWN_BITS(LAST_100509_ACL);
 
 // A combination of all bits defined as of the current version
-constexpr privilege_t ALL_KNOWN_ACL= ALL_KNOWN_ACL_100502;
+constexpr privilege_t ALL_KNOWN_ACL= ALL_KNOWN_BITS(LAST_CURRENT_ACL);
 
 
 // Unary operators
@@ -269,7 +276,7 @@ constexpr privilege_t GLOBAL_ACLS=
   SUPER_ACL | RELOAD_ACL | SHUTDOWN_ACL | PROCESS_ACL | FILE_ACL |
   REPL_SLAVE_ACL | BINLOG_MONITOR_ACL |
   GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS |
-  REPL_MASTER_ADMIN_ACL;
+  REPL_MASTER_ADMIN_ACL | SLAVE_MONITOR_ACL;
 
 constexpr privilege_t DEFAULT_CREATE_PROC_ACLS=
   ALTER_PROC_ACL | EXECUTE_ACL;
@@ -505,9 +512,11 @@ constexpr privilege_t PRIV_STMT_STOP_SLAVE= REPL_SLAVE_ADMIN_ACL | SUPER_ACL;
 // Was SUPER_ACL prior to 10.5.2
 constexpr privilege_t PRIV_STMT_CHANGE_MASTER= REPL_SLAVE_ADMIN_ACL | SUPER_ACL;
 // Was (SUPER_ACL | REPL_CLIENT_ACL) prior to 10.5.2
-constexpr privilege_t PRIV_STMT_SHOW_SLAVE_STATUS= REPL_SLAVE_ADMIN_ACL | SUPER_ACL;
+// Was (SUPER_ACL | REPL_SLAVE_ADMIN_ACL) from 10.5.2 to 10.5.8
+constexpr privilege_t PRIV_STMT_SHOW_SLAVE_STATUS= SLAVE_MONITOR_ACL | SUPER_ACL;
 // Was REPL_SLAVE_ACL prior to 10.5.2
-constexpr privilege_t PRIV_STMT_SHOW_RELAYLOG_EVENTS= REPL_SLAVE_ADMIN_ACL;
+// Was REPL_SLAVE_ADMIN_ACL from 10.5.2 to 10.5.8
+constexpr privilege_t PRIV_STMT_SHOW_RELAYLOG_EVENTS= SLAVE_MONITOR_ACL;
 
 /*
   Privileges related to binlog replying.
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 483be6e39d6..4e3a79b25f3 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -1057,6 +1057,9 @@ class User_table_tabular: public User_table
     if (access & REPL_SLAVE_ACL)
       access|= REPL_MASTER_ADMIN_ACL;
 
+    if (access & REPL_SLAVE_ACL)
+      access|= SLAVE_MONITOR_ACL;
+
     return access & GLOBAL_ACLS;
   }
 
@@ -1528,7 +1531,11 @@ class User_table_json: public User_table
   {
     privilege_t mask= ALL_KNOWN_ACL_100304;
     ulonglong orig_access= access;
-    if (version_id >= 100502)
+    if (version_id >= 100509)
+    {
+      mask= ALL_KNOWN_ACL_100509;
+    }
+    else if (version_id >= 100502 && version_id < 100509)
     {
       mask= ALL_KNOWN_ACL_100502;
     }
@@ -1554,6 +1561,12 @@ class User_table_json: public User_table
         }
         access|= GLOBAL_SUPER_ADDED_SINCE_USER_TABLE_ACLS;
       }
+      /*
+        REPLICATION_CLIENT(BINLOG_MONITOR_ACL) should allow SHOW SLAVE STATUS
+        REPLICATION SLAVE should allow SHOW RELAYLOG EVENTS
+      */
+      if (access & BINLOG_MONITOR_ACL || access & REPL_SLAVE_ACL)
+        access|= SLAVE_MONITOR_ACL;
     }
 
     if (orig_access & ~mask)
@@ -8974,7 +8987,7 @@ static const char *command_array[]=
   "CREATE USER", "EVENT", "TRIGGER", "CREATE TABLESPACE", "DELETE HISTORY",
   "SET USER", "FEDERATED ADMIN", "CONNECTION ADMIN", "READ_ONLY ADMIN",
   "REPLICATION SLAVE ADMIN", "REPLICATION MASTER ADMIN", "BINLOG ADMIN",
-  "BINLOG REPLAY"
+  "BINLOG REPLAY", "SLAVE MONITOR"
 };
 
 static uint command_lengths[]=
@@ -8987,7 +9000,7 @@ static uint command_lengths[]=
   11, 5, 7, 17, 14,
   8, 15, 16, 15,
   23, 24, 12,
-  13
+  13, 13
 };
 
 
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index c00476871e4..0f6200ff237 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -484,7 +484,8 @@ static struct show_privileges_st sys_privileges[]=
   {"Binlog admin", "Server", "To purge binary logs"},
   {"Binlog monitor", "Server", "To use SHOW BINLOG STATUS and SHOW BINARY LOG"},
   {"Replication master admin", "Server", "To monitor connected slaves"},
-  {"Replication slave admin", "Server", "To start/monitor/stop slave and apply binlog events"},
+  {"Replication slave admin", "Server", "To start/stop slave and apply binlog events"},
+  {"Slave monitor", "Server", "To use SHOW SLAVE STATUS and SHOW RELAYLOG EVENTS"},
   {"Replication slave","Server Admin","To read binary log events from the master"},
   {"Select", "Tables",  "To retrieve rows from table"},
   {"Show databases","Server Admin","To see all databases with SHOW DATABASES"},
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 607a68caf43..c5864887677 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -17035,6 +17035,7 @@ object_privilege:
         | BINLOG_SYM REPLAY_SYM            { $$= BINLOG_REPLAY_ACL; }
         | REPLICATION MASTER_SYM ADMIN_SYM { $$= REPL_MASTER_ADMIN_ACL; }
         | REPLICATION SLAVE ADMIN_SYM      { $$= REPL_SLAVE_ADMIN_ACL; }
+        | SLAVE MONITOR_SYM                { $$= SLAVE_MONITOR_ACL; }
         ;
 
 opt_and: