25 files changed, 565 insertions, 41 deletions

diff --git a/mysql-test/main/grant_binlog_replay.result b/mysql-test/main/grant_binlog_replay.result
new file mode 100644
index 00000000000..2c71e70e59b
--- /dev/null
+++ b/mysql-test/main/grant_binlog_replay.result
@@ -0,0 +1,52 @@
+#
+# Start of 10.5 tests
+#
+#
+# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+#
+#
+# Test that binlog replay statements are not allowed without BINLOG REPLAY or SUPER
+#
+CREATE USER user1@localhost IDENTIFIED BY '';
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
+connect  con1,localhost,user1,,;
+connection con1;
+BINLOG '';
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+disconnect con1;
+connection default;
+DROP USER user1@localhost;
+#
+# Test that binlog replay statements are allowed with BINLOG REPLAY
+#
+CREATE USER user1@localhost IDENTIFIED BY '';
+GRANT BINLOG REPLAY ON *.* TO user1@localhost;
+SHOW GRANTS FOR user1@localhost;
+Grants for user1@localhost
+GRANT BINLOG REPLAY ON *.* TO `user1`@`localhost`
+connect  con1,localhost,user1,,;
+connection con1;
+BINLOG '';
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use
+disconnect con1;
+connection default;
+DROP USER user1@localhost;
+#
+# Test that binlog replay statements are allowed with SUPER
+#
+CREATE USER user1@localhost IDENTIFIED BY '';
+GRANT SUPER ON *.* TO user1@localhost;
+SHOW GRANTS FOR user1@localhost;
+Grants for user1@localhost
+GRANT SUPER ON *.* TO `user1`@`localhost`
+connect  con1,localhost,user1,,;
+connection con1;
+BINLOG '';
+ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use
+disconnect con1;
+connection default;
+DROP USER user1@localhost;
+#
+# End of 10.5 tests
+#
diff --git a/mysql-test/main/grant_binlog_replay.test b/mysql-test/main/grant_binlog_replay.test
new file mode 100644
index 00000000000..a3078e5023c
--- /dev/null
+++ b/mysql-test/main/grant_binlog_replay.test
@@ -0,0 +1,73 @@
+-- source include/not_embedded.inc
+
+--echo #
+--echo # Start of 10.5 tests
+--echo #
+
+--echo #
+--echo # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+--echo #
+
+--echo #
+--echo # Test that binlog replay statements are not allowed without BINLOG REPLAY or SUPER
+--echo #
+
+CREATE USER user1@localhost IDENTIFIED BY '';
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
+
+connect (con1,localhost,user1,,);
+connection con1;
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+BINLOG '';
+disconnect con1;
+
+connection default;
+DROP USER user1@localhost;
+
+
+--echo #
+--echo # Test that binlog replay statements are allowed with BINLOG REPLAY
+--echo #
+
+CREATE USER user1@localhost IDENTIFIED BY '';
+GRANT BINLOG REPLAY ON *.* TO user1@localhost;
+SHOW GRANTS FOR user1@localhost;
+
+connect (con1,localhost,user1,,);
+connection con1;
+# The below fails with a syntax error.
+# This is fine. It's only important that it does not fail on "access denied".
+--error ER_SYNTAX_ERROR
+BINLOG '';
+--enable_result_log
+disconnect con1;
+
+connection default;
+DROP USER user1@localhost;
+
+
+--echo #
+--echo # Test that binlog replay statements are allowed with SUPER
+--echo #
+
+CREATE USER user1@localhost IDENTIFIED BY '';
+GRANT SUPER ON *.* TO user1@localhost;
+SHOW GRANTS FOR user1@localhost;
+
+connect (con1,localhost,user1,,);
+connection con1;
+--error ER_BAD_SLAVE
+# The below fails with a syntax error.
+# This is fine. It's only important that it does not fail on "access denied".
+--error ER_SYNTAX_ERROR
+BINLOG '';
+--enable_result_log
+disconnect con1;
+
+connection default;
+DROP USER user1@localhost;
+
+--echo #
+--echo # End of 10.5 tests
+--echo #
diff --git a/mysql-test/main/grant_slave_admin.result b/mysql-test/main/grant_slave_admin.result
index 6f067f6421d..12f0694e9eb 100644
--- a/mysql-test/main/grant_slave_admin.result
+++ b/mysql-test/main/grant_slave_admin.result
@@ -20,8 +20,6 @@ STOP SLAVE;
 ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
 SHOW SLAVE STATUS;
 ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
-BINLOG '';
-ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation
 disconnect con1;
 connection default;
 DROP USER user1@localhost;
@@ -42,7 +40,6 @@ STOP SLAVE;
 Warnings:
 Note	1255	Slave already has been stopped
 SHOW SLAVE STATUS;
-BINLOG '';
 disconnect con1;
 connection default;
 DROP USER user1@localhost;
@@ -63,7 +60,6 @@ STOP SLAVE;
 Warnings:
 Note	1255	Slave already has been stopped
 SHOW SLAVE STATUS;
-BINLOG '';
 disconnect con1;
 connection default;
 DROP USER user1@localhost;
diff --git a/mysql-test/main/grant_slave_admin.test b/mysql-test/main/grant_slave_admin.test
index 9bb561f51d1..f17f8689b9f 100644
--- a/mysql-test/main/grant_slave_admin.test
+++ b/mysql-test/main/grant_slave_admin.test
@@ -26,8 +26,6 @@ CHANGE MASTER TO MASTER_HOST='127.0.0.1';
 STOP SLAVE;
 --error ER_SPECIFIC_ACCESS_DENIED_ERROR
 SHOW SLAVE STATUS;
---error ER_SPECIFIC_ACCESS_DENIED_ERROR
-BINLOG '';
 disconnect con1;
 
 connection default;
@@ -50,10 +48,6 @@ CHANGE MASTER TO MASTER_USER='root';
 STOP SLAVE;
 --disable_result_log
 SHOW SLAVE STATUS;
-# The below fails with a syntax error.
-# This is fine. It's only important that it does not fail on "access denied".
---error ER_SYNTAX_ERROR
-BINLOG '';
 --enable_result_log
 disconnect con1;
 
@@ -77,10 +71,6 @@ CHANGE MASTER TO MASTER_USER='root';
 STOP SLAVE;
 --disable_result_log
 SHOW SLAVE STATUS;
-# The below fails with a syntax error.
-# This is fine. It's only important that it does not fail on "access denied".
---error ER_SYNTAX_ERROR
-BINLOG '';
 --enable_result_log
 disconnect con1;
 
diff --git a/mysql-test/main/system_mysql_db_error_log.result b/mysql-test/main/system_mysql_db_error_log.result
index 7ae82ba19de..d600116b2a2 100644
--- a/mysql-test/main/system_mysql_db_error_log.result
+++ b/mysql-test/main/system_mysql_db_error_log.result
@@ -15,7 +15,7 @@ SET @all_known_privileges_current=(SELECT CAST(json_value(Priv, '$.access') AS U
 DROP USER user1@localhost;
 SELECT HEX(@all_known_privileges_current);
 HEX(@all_known_privileges_current)
-1FFFFFFFFF
+3FFFFFFFFF
 CREATE USER bad_access1@localhost;
 UPDATE
 mysql.global_priv
@@ -106,7 +106,7 @@ host='localhost' and user='good_version_id_100500';
 FLUSH PRIVILEGES;
 SHOW GRANTS FOR good_version_id_100500@localhost;
 Grants for good_version_id_100500@localhost
-GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN ON *.* TO `good_version_id_100500`@`localhost`
+GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `good_version_id_100500`@`localhost`
 DROP USER good_version_id_100500@localhost;
 FOUND 1 /Warning.*'user' entry 'bad_access1@localhost' has a wrong 'access' value.*version_id=/ in system_mysql_db_error_log.err
 FOUND 1 /Warning.*'user' entry 'bad_version_id_1000000@localhost' has a wrong 'version_id' value 1000000/ in system_mysql_db_error_log.err
diff --git a/mysql-test/suite/funcs_1/r/innodb_trig_03.result b/mysql-test/suite/funcs_1/r/innodb_trig_03.result
index 3c6d18c0085..2149d21131f 100644
--- a/mysql-test/suite/funcs_1/r/innodb_trig_03.result
+++ b/mysql-test/suite/funcs_1/r/innodb_trig_03.result
@@ -78,7 +78,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke TRIGGER on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER on *.* to test_yesprivs@localhost;
 grant SELECT on priv_db.t1 to test_yesprivs@localhost;
@@ -168,7 +168,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke UPDATE  on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER, UPDATE on *.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
@@ -183,7 +183,7 @@ test_noprivs@localhost
 use priv_db;
 show grants;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 select f1 from t1 order by f1;
 f1
 insert 3.5.3.2-no
@@ -441,7 +441,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke SELECT  on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER, SELECT on *.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
@@ -457,7 +457,7 @@ test_noprivs@localhost
 use priv_db;
 show grants;
 Grants for test_noprivs@localhost
-GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 create trigger trg5a_1 before INSERT on t1 for each row
 set @test_var = new.f1;
 connection default;
diff --git a/mysql-test/suite/funcs_1/r/innodb_trig_03e.result b/mysql-test/suite/funcs_1/r/innodb_trig_03e.result
index 863aa9edb4f..8c9e31d30f2 100644
--- a/mysql-test/suite/funcs_1/r/innodb_trig_03e.result
+++ b/mysql-test/suite/funcs_1/r/innodb_trig_03e.result
@@ -603,7 +603,7 @@ trig 1_1-yes
 revoke TRIGGER on *.* from test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
 Grants for test_yesprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 disconnect yes_privs;
 connect  yes_privs,localhost,test_yesprivs,PWD,test,$MASTER_MYPORT,$MASTER_MYSOCK;
 select current_user;
@@ -656,7 +656,7 @@ root@localhost
 grant TRIGGER on priv_db.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
 Grants for test_yesprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 GRANT TRIGGER ON `priv_db`.* TO `test_yesprivs`@`localhost`
 
 trigger privilege on db level for create:
diff --git a/mysql-test/suite/funcs_1/r/memory_trig_03.result b/mysql-test/suite/funcs_1/r/memory_trig_03.result
index e2b96e2aacd..7e7886d830f 100644
--- a/mysql-test/suite/funcs_1/r/memory_trig_03.result
+++ b/mysql-test/suite/funcs_1/r/memory_trig_03.result
@@ -78,7 +78,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke TRIGGER on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER on *.* to test_yesprivs@localhost;
 grant SELECT on priv_db.t1 to test_yesprivs@localhost;
@@ -168,7 +168,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke UPDATE  on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER, UPDATE on *.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
@@ -183,7 +183,7 @@ test_noprivs@localhost
 use priv_db;
 show grants;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 select f1 from t1 order by f1;
 f1
 insert 3.5.3.2-no
@@ -441,7 +441,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke SELECT  on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER, SELECT on *.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
@@ -457,7 +457,7 @@ test_noprivs@localhost
 use priv_db;
 show grants;
 Grants for test_noprivs@localhost
-GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 create trigger trg5a_1 before INSERT on t1 for each row
 set @test_var = new.f1;
 connection default;
diff --git a/mysql-test/suite/funcs_1/r/memory_trig_03e.result b/mysql-test/suite/funcs_1/r/memory_trig_03e.result
index 155244d9299..0ad0be7f781 100644
--- a/mysql-test/suite/funcs_1/r/memory_trig_03e.result
+++ b/mysql-test/suite/funcs_1/r/memory_trig_03e.result
@@ -604,7 +604,7 @@ trig 1_1-yes
 revoke TRIGGER on *.* from test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
 Grants for test_yesprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 disconnect yes_privs;
 connect  yes_privs,localhost,test_yesprivs,PWD,test,$MASTER_MYPORT,$MASTER_MYSOCK;
 select current_user;
@@ -657,7 +657,7 @@ root@localhost
 grant TRIGGER on priv_db.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
 Grants for test_yesprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 GRANT TRIGGER ON `priv_db`.* TO `test_yesprivs`@`localhost`
 
 trigger privilege on db level for create:
diff --git a/mysql-test/suite/funcs_1/r/myisam_trig_03.result b/mysql-test/suite/funcs_1/r/myisam_trig_03.result
index e2b96e2aacd..7e7886d830f 100644
--- a/mysql-test/suite/funcs_1/r/myisam_trig_03.result
+++ b/mysql-test/suite/funcs_1/r/myisam_trig_03.result
@@ -78,7 +78,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke TRIGGER on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER on *.* to test_yesprivs@localhost;
 grant SELECT on priv_db.t1 to test_yesprivs@localhost;
@@ -168,7 +168,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke UPDATE  on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER, UPDATE on *.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
@@ -183,7 +183,7 @@ test_noprivs@localhost
 use priv_db;
 show grants;
 Grants for test_noprivs@localhost
-GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 select f1 from t1 order by f1;
 f1
 insert 3.5.3.2-no
@@ -441,7 +441,7 @@ grant ALL  on *.* to test_noprivs@localhost;
 revoke SELECT  on *.* from test_noprivs@localhost;
 show grants for test_noprivs@localhost;
 Grants for test_noprivs@localhost
-GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 revoke ALL PRIVILEGES, GRANT OPTION FROM test_yesprivs@localhost;
 grant TRIGGER, SELECT on *.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
@@ -457,7 +457,7 @@ test_noprivs@localhost
 use priv_db;
 show grants;
 Grants for test_noprivs@localhost
-GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_noprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 create trigger trg5a_1 before INSERT on t1 for each row
 set @test_var = new.f1;
 connection default;
diff --git a/mysql-test/suite/funcs_1/r/myisam_trig_03e.result b/mysql-test/suite/funcs_1/r/myisam_trig_03e.result
index 9c2740b0c4b..73eb0336eef 100644
--- a/mysql-test/suite/funcs_1/r/myisam_trig_03e.result
+++ b/mysql-test/suite/funcs_1/r/myisam_trig_03e.result
@@ -604,7 +604,7 @@ trig 1_1-yes
 revoke TRIGGER on *.* from test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
 Grants for test_yesprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 disconnect yes_privs;
 connect  yes_privs,localhost,test_yesprivs,PWD,test,$MASTER_MYPORT,$MASTER_MYSOCK;
 select current_user;
@@ -657,7 +657,7 @@ root@localhost
 grant TRIGGER on priv_db.* to test_yesprivs@localhost;
 show grants for test_yesprivs@localhost;
 Grants for test_yesprivs@localhost
-GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
+GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, CREATE TABLESPACE, DELETE HISTORY, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `test_yesprivs`@`localhost` IDENTIFIED BY PASSWORD '*C49735D016A099C0CF104EF9183F374A54CA2576'
 GRANT TRIGGER ON `priv_db`.* TO `test_yesprivs`@`localhost`
 
 trigger privilege on db level for create:
diff --git a/mysql-test/suite/perfschema/r/start_server_low_digest_sql_length.result b/mysql-test/suite/perfschema/r/start_server_low_digest_sql_length.result
index 3b2553ab92e..acb2497eec4 100644
--- a/mysql-test/suite/perfschema/r/start_server_low_digest_sql_length.result
+++ b/mysql-test/suite/perfschema/r/start_server_low_digest_sql_length.result
@@ -8,5 +8,5 @@ SELECT 1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1+1
 ####################################
 SELECT event_name, digest, digest_text, sql_text FROM events_statements_history_long;
 event_name	digest	digest_text	sql_text
-statement/sql/truncate	7b0d115e24864223fc76daf23b302766	TRUNCATE TABLE 	truncat...
-statement/sql/select	26ffe5453ab8b87b608f9bcd76dc54a3	SELECT ? + ? + 	SELECT ...
+statement/sql/truncate	1ce0abbaf6f3f120bdc1464f34c3e614	TRUNCATE TABLE 	truncat...
+statement/sql/select	c13037c37462abf2be6cf94058702f18	SELECT ? + ? + 	SELECT ...
diff --git a/mysql-test/suite/rpl/r/rpl_temporary.result b/mysql-test/suite/rpl/r/rpl_temporary.result
index 1d29ff3e8f1..650fe1db9e0 100644
--- a/mysql-test/suite/rpl/r/rpl_temporary.result
+++ b/mysql-test/suite/rpl/r/rpl_temporary.result
@@ -40,7 +40,7 @@ connect  con3,localhost,zedjzlcsjhd,,;
 connection con3;
 SET @save_select_limit=@@session.sql_select_limit;
 SET @@session.sql_select_limit=10, @@session.pseudo_thread_id=100;
-ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
 SELECT @@session.sql_select_limit = @save_select_limit;
 @@session.sql_select_limit = @save_select_limit
 1
diff --git a/mysql-test/suite/sys_vars/inc/sysvar_global_grant_alone.inc b/mysql-test/suite/sys_vars/inc/sysvar_global_grant_alone.inc
new file mode 100644
index 00000000000..6a1cf1a74c0
--- /dev/null
+++ b/mysql-test/suite/sys_vars/inc/sysvar_global_grant_alone.inc
@@ -0,0 +1,41 @@
+--source include/not_embedded.inc
+
+
+--eval SET @global=@@global.$var
+
+--echo # Test that "SET GLOBAL $var" is not allowed without $grant or SUPER
+
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+--eval REVOKE $grant, SUPER ON *.* FROM user1@localhost
+--connect(user1,localhost,user1,,)
+--connection user1
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+--eval SET GLOBAL $var=$value
+--disconnect user1
+--connection default
+DROP USER user1@localhost;
+
+--echo # Test that "SET GLOBAL $var" is allowed with $grant
+
+CREATE USER user1@localhost;
+--eval GRANT $grant ON *.* TO user1@localhost
+--connect(user1,localhost,user1,,)
+--connection user1
+--eval SET GLOBAL $var=$value
+--disconnect user1
+--connection default
+DROP USER user1@localhost;
+
+--echo # Test that "SET GLOBAL $var" is allowed with SUPER
+
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+--connect(user1,localhost,user1,,)
+--connection user1
+--eval SET GLOBAL $var=$value
+--disconnect user1
+--connection default
+DROP USER user1@localhost;
+
+--eval SET @@global.$var=@global
diff --git a/mysql-test/suite/sys_vars/inc/sysvar_session_grant.inc b/mysql-test/suite/sys_vars/inc/sysvar_session_grant.inc
new file mode 100644
index 00000000000..1cdc6e7190a
--- /dev/null
+++ b/mysql-test/suite/sys_vars/inc/sysvar_session_grant.inc
@@ -0,0 +1,51 @@
+--source include/not_embedded.inc
+
+
+--eval SET @session=@@session.$var
+
+--echo # Test that "SET $var" is not allowed without $grant or SUPER
+
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+--eval REVOKE $grant, SUPER ON *.* FROM user1@localhost
+--connect(user1,localhost,user1,,)
+--connection user1
+--error ER_LOCAL_VARIABLE
+--eval SET GLOBAL $var=$value
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+--eval SET $var=$value
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+--eval SET SESSION $var=$value
+--disconnect user1
+--connection default
+DROP USER user1@localhost;
+
+--echo # Test that "SET $var" is allowed with $grant
+
+CREATE USER user1@localhost;
+--eval GRANT $grant ON *.* TO user1@localhost
+--connect(user1,localhost,user1,,)
+--connection user1
+--error ER_LOCAL_VARIABLE
+--eval SET GLOBAL $var=$value
+--eval SET $var=$value
+--eval SET SESSION $var=$value
+--disconnect user1
+--connection default
+DROP USER user1@localhost;
+
+--echo # Test that "SET $var" is allowed with SUPER
+
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+--connect(user1,localhost,user1,,)
+--connection user1
+--error ER_LOCAL_VARIABLE
+--eval SET GLOBAL $var=$value
+--eval SET $var=$value
+--eval SET SESSION $var=$value
+--disconnect user1
+--connection default
+DROP USER user1@localhost;
+
+--eval SET @@session.$var=@session
diff --git a/mysql-test/suite/sys_vars/inc/sysvar_session_grant_alone.inc b/mysql-test/suite/sys_vars/inc/sysvar_session_grant_alone.inc
new file mode 100644
index 00000000000..af38623a010
--- /dev/null
+++ b/mysql-test/suite/sys_vars/inc/sysvar_session_grant_alone.inc
@@ -0,0 +1,45 @@
+--source include/not_embedded.inc
+
+
+--eval SET @session=@@session.$var
+
+--echo # Test that "SET $var" is not allowed without $grant or SUPER
+
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+--eval REVOKE $grant, SUPER ON *.* FROM user1@localhost
+--connect(user1,localhost,user1,,)
+--connection user1
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+--eval SET $var=$value
+--error ER_SPECIFIC_ACCESS_DENIED_ERROR
+--eval SET SESSION $var=$value
+--disconnect user1
+--connection default
+DROP USER user1@localhost;
+
+--echo # Test that "SET $var" is allowed with $grant
+
+CREATE USER user1@localhost;
+--eval GRANT $grant ON *.* TO user1@localhost
+--connect(user1,localhost,user1,,)
+--connection user1
+--eval SET $var=$value
+--eval SET SESSION $var=$value
+--disconnect user1
+--connection default
+DROP USER user1@localhost;
+
+--echo # Test that "SET $var" is allowed with SUPER
+
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+--connect(user1,localhost,user1,,)
+--connection user1
+--eval SET $var=$value
+--eval SET SESSION $var=$value
+--disconnect user1
+--connection default
+DROP USER user1@localhost;
+
+--eval SET @@session.$var=@session
diff --git a/mysql-test/suite/sys_vars/r/gtid_domain_id_grant.result b/mysql-test/suite/sys_vars/r/gtid_domain_id_grant.result
new file mode 100644
index 00000000000..096f5136ab0
--- /dev/null
+++ b/mysql-test/suite/sys_vars/r/gtid_domain_id_grant.result
@@ -0,0 +1,69 @@
+#
+# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+#
+SET @global=@@global.gtid_domain_id;
+# Test that "SET GLOBAL gtid_domain_id" is not allowed without REPLICATION MASTER ADMIN or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL gtid_domain_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET GLOBAL gtid_domain_id" is allowed with REPLICATION MASTER ADMIN
+CREATE USER user1@localhost;
+GRANT REPLICATION MASTER ADMIN ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL gtid_domain_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET GLOBAL gtid_domain_id" is allowed with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL gtid_domain_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+SET @@global.gtid_domain_id=@global;
+SET @session=@@session.gtid_domain_id;
+# Test that "SET gtid_domain_id" is not allowed without BINLOG REPLAY or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET gtid_domain_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+SET SESSION gtid_domain_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET gtid_domain_id" is allowed with BINLOG REPLAY
+CREATE USER user1@localhost;
+GRANT BINLOG REPLAY ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET gtid_domain_id=1;
+SET SESSION gtid_domain_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET gtid_domain_id" is allowed with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET gtid_domain_id=1;
+SET SESSION gtid_domain_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+SET @@session.gtid_domain_id=@session;
diff --git a/mysql-test/suite/sys_vars/r/gtid_seq_no_grant.result b/mysql-test/suite/sys_vars/r/gtid_seq_no_grant.result
new file mode 100644
index 00000000000..0d08cde546c
--- /dev/null
+++ b/mysql-test/suite/sys_vars/r/gtid_seq_no_grant.result
@@ -0,0 +1,44 @@
+#
+# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+#
+SET @session=@@session.gtid_seq_no;
+# Test that "SET gtid_seq_no" is not allowed without BINLOG REPLAY or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL gtid_seq_no=1;
+ERROR HY000: Variable 'gtid_seq_no' is a SESSION variable and can't be used with SET GLOBAL
+SET gtid_seq_no=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+SET SESSION gtid_seq_no=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET gtid_seq_no" is allowed with BINLOG REPLAY
+CREATE USER user1@localhost;
+GRANT BINLOG REPLAY ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL gtid_seq_no=1;
+ERROR HY000: Variable 'gtid_seq_no' is a SESSION variable and can't be used with SET GLOBAL
+SET gtid_seq_no=1;
+SET SESSION gtid_seq_no=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET gtid_seq_no" is allowed with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL gtid_seq_no=1;
+ERROR HY000: Variable 'gtid_seq_no' is a SESSION variable and can't be used with SET GLOBAL
+SET gtid_seq_no=1;
+SET SESSION gtid_seq_no=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+SET @@session.gtid_seq_no=@session;
diff --git a/mysql-test/suite/sys_vars/r/preudo_thread_id_grant.result b/mysql-test/suite/sys_vars/r/preudo_thread_id_grant.result
new file mode 100644
index 00000000000..d306a192727
--- /dev/null
+++ b/mysql-test/suite/sys_vars/r/preudo_thread_id_grant.result
@@ -0,0 +1,44 @@
+#
+# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+#
+SET @session=@@session.pseudo_thread_id;
+# Test that "SET pseudo_thread_id" is not allowed without BINLOG REPLAY or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL pseudo_thread_id=1;
+ERROR HY000: Variable 'pseudo_thread_id' is a SESSION variable and can't be used with SET GLOBAL
+SET pseudo_thread_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+SET SESSION pseudo_thread_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET pseudo_thread_id" is allowed with BINLOG REPLAY
+CREATE USER user1@localhost;
+GRANT BINLOG REPLAY ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL pseudo_thread_id=1;
+ERROR HY000: Variable 'pseudo_thread_id' is a SESSION variable and can't be used with SET GLOBAL
+SET pseudo_thread_id=1;
+SET SESSION pseudo_thread_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET pseudo_thread_id" is allowed with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL pseudo_thread_id=1;
+ERROR HY000: Variable 'pseudo_thread_id' is a SESSION variable and can't be used with SET GLOBAL
+SET pseudo_thread_id=1;
+SET SESSION pseudo_thread_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+SET @@session.pseudo_thread_id=@session;
diff --git a/mysql-test/suite/sys_vars/r/secure_timestamp_super.result b/mysql-test/suite/sys_vars/r/secure_timestamp_super.result
index 6fbb5e5fbf0..c61b515779b 100644
--- a/mysql-test/suite/sys_vars/r/secure_timestamp_super.result
+++ b/mysql-test/suite/sys_vars/r/secure_timestamp_super.result
@@ -11,7 +11,7 @@ EDITABLE
 create user foo@127.0.0.1;
 connect con2,127.0.0.1,foo,,test,$SLAVE_MYPORT;
 set timestamp=1234567890.101112;
-ERROR 42000: Access denied; you need (at least one of) the SUPER privilege(s) for this operation
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
 select if(now(6) > 20100101, 'READONLY', 'EDITABLE') as 'non-privileged';
 non-privileged
 READONLY
diff --git a/mysql-test/suite/sys_vars/r/server_id_grant.result b/mysql-test/suite/sys_vars/r/server_id_grant.result
new file mode 100644
index 00000000000..f562560e8da
--- /dev/null
+++ b/mysql-test/suite/sys_vars/r/server_id_grant.result
@@ -0,0 +1,69 @@
+#
+# MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+#
+SET @global=@@global.server_id;
+# Test that "SET GLOBAL server_id" is not allowed without REPLICATION MASTER ADMIN or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE REPLICATION MASTER ADMIN, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL server_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, REPLICATION MASTER ADMIN privilege(s) for this operation
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET GLOBAL server_id" is allowed with REPLICATION MASTER ADMIN
+CREATE USER user1@localhost;
+GRANT REPLICATION MASTER ADMIN ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL server_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET GLOBAL server_id" is allowed with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET GLOBAL server_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+SET @@global.server_id=@global;
+SET @session=@@session.server_id;
+# Test that "SET server_id" is not allowed without BINLOG REPLAY or SUPER
+CREATE USER user1@localhost;
+GRANT ALL PRIVILEGES ON *.* TO user1@localhost;
+REVOKE BINLOG REPLAY, SUPER ON *.* FROM user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET server_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+SET SESSION server_id=1;
+ERROR 42000: Access denied; you need (at least one of) the SUPER, BINLOG REPLAY privilege(s) for this operation
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET server_id" is allowed with BINLOG REPLAY
+CREATE USER user1@localhost;
+GRANT BINLOG REPLAY ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET server_id=1;
+SET SESSION server_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+# Test that "SET server_id" is allowed with SUPER
+CREATE USER user1@localhost;
+GRANT SUPER ON *.* TO user1@localhost;
+connect user1,localhost,user1,,;
+connection user1;
+SET server_id=1;
+SET SESSION server_id=1;
+disconnect user1;
+connection default;
+DROP USER user1@localhost;
+SET @@session.server_id=@session;
diff --git a/mysql-test/suite/sys_vars/t/gtid_domain_id_grant.test b/mysql-test/suite/sys_vars/t/gtid_domain_id_grant.test
new file mode 100644
index 00000000000..7b92c86e391
--- /dev/null
+++ b/mysql-test/suite/sys_vars/t/gtid_domain_id_grant.test
@@ -0,0 +1,16 @@
+--echo #
+--echo # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+--echo #
+
+--let var = gtid_domain_id
+--let grant = REPLICATION MASTER ADMIN
+--let value = 1
+
+--source suite/sys_vars/inc/sysvar_global_grant_alone.inc
+
+
+--let var = gtid_domain_id
+--let grant = BINLOG REPLAY
+--let value = 1
+
+--source suite/sys_vars/inc/sysvar_session_grant_alone.inc
diff --git a/mysql-test/suite/sys_vars/t/gtid_seq_no_grant.test b/mysql-test/suite/sys_vars/t/gtid_seq_no_grant.test
new file mode 100644
index 00000000000..ccbe0cf1374
--- /dev/null
+++ b/mysql-test/suite/sys_vars/t/gtid_seq_no_grant.test
@@ -0,0 +1,9 @@
+--echo #
+--echo # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+--echo #
+
+--let var = gtid_seq_no
+--let grant = BINLOG REPLAY
+--let value = 1
+
+--source suite/sys_vars/inc/sysvar_session_grant.inc
diff --git a/mysql-test/suite/sys_vars/t/preudo_thread_id_grant.test b/mysql-test/suite/sys_vars/t/preudo_thread_id_grant.test
new file mode 100644
index 00000000000..eebf2cd340e
--- /dev/null
+++ b/mysql-test/suite/sys_vars/t/preudo_thread_id_grant.test
@@ -0,0 +1,9 @@
+--echo #
+--echo # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+--echo #
+
+--let var = pseudo_thread_id
+--let grant = BINLOG REPLAY
+--let value = 1
+
+--source suite/sys_vars/inc/sysvar_session_grant.inc
diff --git a/mysql-test/suite/sys_vars/t/server_id_grant.test b/mysql-test/suite/sys_vars/t/server_id_grant.test
new file mode 100644
index 00000000000..9b0072b94d5
--- /dev/null
+++ b/mysql-test/suite/sys_vars/t/server_id_grant.test
@@ -0,0 +1,16 @@
+--echo #
+--echo # MDEV-21975 Add BINLOG REPLAY privilege and bind new privileges to gtid_seq_no, preudo_thread_id, server_id, gtid_domain_id
+--echo #
+
+--let var = server_id
+--let grant = REPLICATION MASTER ADMIN
+--let value = 1
+
+--source suite/sys_vars/inc/sysvar_global_grant_alone.inc
+
+
+--let var = server_id
+--let grant = BINLOG REPLAY
+--let value = 1
+
+--source suite/sys_vars/inc/sysvar_session_grant_alone.inc