Wanted to know what MySQL roles does temporal require after the initial db initialization. Does it require delete permission?
I believe it doesn’t need any admin permissions. The service only performs read and write operations on the existing tables.
We recommend using temporal-sql-tool for schema creation before running Temporal cluster on top of it. This would require permissions to create new schema. Once the schema is created service only does CRUD operations on the tables created by running temporal-sql-tool.
Does CRUD include DELETE? as a dev ops policy we avoid giving delete access to applications. Will this require it?
Yes, the service requires DELETE permissions to support deletion of workflows after the retention period. Otherwise your DB is going to grow in size indefinitely.