I need to assign the monitoradmin privilege to a user because this is what an application called "dynatrace" needs to monitor the server (some details in a post on their site).
According to https://mariadb.com/kb/en/grant/ there is a PROCESS
privilege but I can't assign it.
MariaDB [(none)]> CREATE USER dynatrace IDENTIFIED BY 'secret';
Query OK, 0 rows affected (0.007 sec)
MariaDB [(none)]> GRANT MonitorAdmin TO dynatrace;
ERROR 1959 (OP000): Invalid role specification `MonitorAdmin`
Same result with PROCESS
:
MariaDB [(none)]> GRANT PROCESS TO dynatrace;
ERROR 1959 (OP000): Invalid role specification `PROCESS`
Where is my mistake ? Although my knowledge about mariaDB is more than limited I have the password of the root account đ and can run the commands as this user.
Best Answer
For general monitoring, this comes closer to covering all bases, but without being able to "cause damage":
The
ON *.*
is necessary (though clumsy) syntax.If the data is sensitive, remove
SELECT
. It can even be argued that being able to list the database names (SHOW DATABASES
) could be sensitive.REPLICATION CLIENT
(notSLAVE
) let's you monitorSeconds_behind_master
in a Slave.