MariaDB – How to Grant MonitorAdmin / PROCESS Privilege to User

mariadbmariadb-10.3permissions

I need to assign the monitoradmin privilege to a user because this is what an application called "dynatrace" needs to monitor the server (some details in a post on their site).

According to https://mariadb.com/kb/en/grant/ there is a PROCESS privilege but I can't assign it.

MariaDB [(none)]> CREATE USER dynatrace IDENTIFIED BY 'secret';
Query OK, 0 rows affected (0.007 sec)

MariaDB [(none)]> GRANT MonitorAdmin TO dynatrace;
ERROR 1959 (OP000): Invalid role specification `MonitorAdmin`

Same result with PROCESS:

MariaDB [(none)]> GRANT PROCESS TO dynatrace;
ERROR 1959 (OP000): Invalid role specification `PROCESS`

Where is my mistake ? Although my knowledge about mariaDB is more than limited I have the password of the root account 😉 and can run the commands as this user.

Best Answer

For general monitoring, this comes closer to covering all bases, but without being able to "cause damage":

GRANT SELECT, PROCESS, REFERENCES, SHOW DATABASES,
      REPLICATION CLIENT, SHOW VIEW
      ON *.* TO username@'...';

The ON *.* is necessary (though clumsy) syntax.

If the data is sensitive, remove SELECT. It can even be argued that being able to list the database names (SHOW DATABASES) could be sensitive.

REPLICATION CLIENT (not SLAVE) let's you monitor Seconds_behind_master in a Slave.

Best Answer

Related Solutions

Sql-server – Permissions on sys.syslogins

Sql-server – Grant users privilege to use QUERYTRACEON 9481

Related Question