Bug #46023 Advisor rule suggests renaming root@localhost which raises 3 other alerts
Submitted: 7 Jul 2009 21:54 Modified: 7 Aug 2009 9:37
Reporter: Matthew Montgomery Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Enterprise Monitor: Advisors/Rules Severity:S3 (Non-critical)
Version:2.0.0.7071 OS:Any
Assigned to: Andy Bang CPU Architecture:Any

[7 Jul 2009 21:54] Matthew Montgomery 
Description:
Rule "Server Includes A Root User Account   (v 1.3 *)" has Recommended Action "UPDATE user SET user = 'new_name' WHERE user = 'root'; FLUSH PRIVILEGES;"

Three other rules look for user !='root' with administrative grants.  Following the advice of the first alert will raise the following three.

Non-Authorized User Has DB, Table, Or Index Privileges On All Databases
Non-Authorized User Has GRANT Privileges On All Databases
Non-Authorized User Has Server Admin Privileges 

How to repeat:
n/a

Suggested fix:
Please avoid conflicting advisor recommendations.
[4 Aug 2009 0:52] Enterprise Tools JIRA Robot 
Andy Bang writes: 
Pushed up to revision 293.

Updated the advice to note changes needed to custom data collections when customers change the name of the root account.
[4 Aug 2009 22:46] Enterprise Tools JIRA Robot 
Keith Russell writes: 
Patch installed in versions => 2.1.0.1085.
[6 Aug 2009 15:14] Enterprise Tools JIRA Robot 
Marcos Palacios writes: 
Verified fixed in advisor bundle 2.1.0.1085.
[7 Aug 2009 9:37] Tony Bedford 
An entry was added to the 2.1.0 changelog:

The Rule “Server Includes A Root User Account” in the “Security” Advisor had a Recommended Action:

UPDATE user SET user = 'new_name' WHERE user = 'root'; FLUSH PRIVILEGES;
However, three other rules triggered in the case where “user” was not “root” but had administrative grants. This caused the following alerts to be generated:

Non-Authorized User Has DB, Table, Or Index Privileges On All Databases

Non-Authorized User Has GRANT Privileges On All Databases

Non-Authorized User Has Server Admin Privileges