You can try to change log_bin_trust_function_creators
; however, there is an alternative approach that seems more appropriate when you consider the meaning of that variable:
It controls whether stored function creators can be trusted not to create stored functions that will cause unsafe events to be written to the binary log.
A setting of 0
also enforces the restriction that a function must be declared with the DETERMINISTIC
characteristic, or with the READS SQL DATA
or NO SQL
characteristic. If the variable is set to 1
, MySQL does not enforce these restrictions on stored function creation.
All that option does is assume that you know what you are doing, without making you assert that you do by using one of the three characteristics in your CREATE
statement... but if you don't properly declare the function, you may miss out on potential optimizations.
misdeclaring a routine might affect results or affect performance
Taken together, this implies that the most correct approach is to declare your stored functions with DETERMINISTIC
or READS SQL DATA
or NO SQL
as appropriate, and, if these do not correctly describe your function's behavior, then your function still may result in unsafe statements being written to the binary log, because these options are also "trusted:"
Assessment of the nature of a routine is based on the “honesty” of the creator: MySQL does not check that a routine declared DETERMINISTIC
is free of statements that produce nondeterministic results.
Curious aside: astute observers will note that I omitted something from the documentation's description:
If set to 0 (the default), users are not permitted to create or alter stored functions unless they have the SUPER
privilege in addition to the CREATE ROUTINE
or ALTER ROUTINE
privilege.
Since nobody gets SUPER
in RDS, and assuming this is not an error in the official documentation, this seems like it must be an AWS customization of MySQL behavior.
Best Answer
I forgot that I had created a stored procedure to set the time zone after every connection made.
Looking at the server log I found that the problem was that the new users didn't have permission to execute it.