Bug #46071 Rule "Non-Authorized User Has Server Admin Privileges" doesn't check Process_pri
Submitted: 9 Jul 2009 1:59    Modified: 7 Aug 2009 9:43
Reporter: Matthew Montgomery
Status: Closed
Category: MySQL Enterprise Monitor: Advisors/Rules    Severity: S3 (Non-critical)
Version: 2.0.0.7071    OS: Any
Assigned to: Andy Bang    CPU Architecture: Any

[9 Jul 2009 1:59] Matthew Montgomery
Description:
From the /opt/mysql/enterprise/agent/share/mysql-proxy/items/items-mysql-monitor.xml

Security Rule "Non-Authorized User Has Server Admin Privileges" checks for

Create_user_priv = 'Y'
File_priv = 'Y'
Lock_tables_priv = 'Y'
Reload_priv = 'Y'
Shutdown_priv = 'Y'
Super_priv = 'Y'

However it does not include a check that a user has Process_priv = 'Y' 

Considering the other checks that are included in this rule, it seems an odd exception not to include this.

How to repeat:
n/a

Suggested fix:
Please consider adding the Process_priv to the rule.
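The gap described in this report, as an added example that is not part of the bug report or of the Enterprise Monitor agent's own items XML: the same privilege predicate the rule applies is run over a constructed stand-in for the mysql.user grant table (here an in-memory SQLite table; only the privilege columns the rule inspects are modelled, and the account rows are invented sample data) once with the original column list and once with Process_priv added, so the account holding only PROCESS shows up as the one the original rule misses. The `authorized` exclusion list is an assumption standing in for whatever allow-list a deployment keeps.

```python
import sqlite3

# Constructed stand-in for the mysql.user grant table: only the privilege
# columns this rule inspects are modelled, plus the missing Process_priv.
PRIV_COLUMNS = ["Create_user_priv", "File_priv", "Lock_tables_priv",
                "Reload_priv", "Shutdown_priv", "Super_priv", "Process_priv"]

# Columns the original rule checked, and the corrected list with Process_priv.
ORIGINAL_RULE_PRIVS = PRIV_COLUMNS[:-1]
FIXED_RULE_PRIVS = PRIV_COLUMNS

# Constructed sample accounts: (User, Host, *PRIV_COLUMNS in the order above).
SAMPLE_USERS = [
    ("root", "localhost", "Y", "Y", "Y", "Y", "Y", "Y", "Y"),
    ("app", "10.0.0.%", "N", "N", "N", "N", "N", "N", "N"),
    ("monitor", "10.0.0.5", "N", "N", "N", "N", "N", "N", "Y"),  # PROCESS only
    ("backup", "localhost", "N", "N", "Y", "Y", "N", "N", "N"),
]


def build_user_table():
    """Create the in-memory table and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    cols = ", ".join(f"{c} TEXT NOT NULL" for c in PRIV_COLUMNS)
    conn.execute(f"CREATE TABLE user (User TEXT, Host TEXT, {cols})")
    placeholders = ", ".join("?" * (2 + len(PRIV_COLUMNS)))
    conn.executemany(f"INSERT INTO user VALUES ({placeholders})", SAMPLE_USERS)
    return conn


def admin_accounts(conn, privs, authorized=()):
    """(User, Host) pairs holding any privilege in `privs` and not on the
    authorized allow-list: the same shape of check the advisor rule performs."""
    predicate = " OR ".join(f"{p} = 'Y'" for p in privs)
    rows = conn.execute(
        f"SELECT User, Host FROM user WHERE {predicate} ORDER BY User, Host"
    ).fetchall()
    return [r for r in rows if r not in set(authorized)]


def missed_by_original_rule(conn, authorized=()):
    """Accounts the corrected rule flags that the original column list missed."""
    before = set(admin_accounts(conn, ORIGINAL_RULE_PRIVS, authorized))
    after = set(admin_accounts(conn, FIXED_RULE_PRIVS, authorized))
    return sorted(after - before)


if __name__ == "__main__":
    conn = build_user_table()
    for acct in missed_by_original_rule(conn, authorized=[("root", "localhost")]):
        print("missed by original rule:", acct)
```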
[16 Jul 2009 16:35] Enterprise Tools JIRA Robot
Andy Bang writes: 
Added Process_priv to the list of items we check in the custom data collection item in the Agent's items-mysql-monitor.xml file.

Pushed up to revision 1418.
[21 Jul 2009 15:22] Enterprise Tools JIRA Robot
Marcos Palacios writes: 
Verified fixed in agent build 2.1.0.1078 in the Agent's items XML file.

QA has agreed with Dev that this rule's Advice will need to be modified as well; will reopen for this additional change.
[21 Jul 2009 15:30] Enterprise Tools JIRA Robot
Marcos Palacios writes: 
Reopening for the following change:

QA has agreed with Dev that this rule's Advice needs to be modified by adding the 'Process' privilege to the list (as shown below):

"Investigate why the following users have at least one of the admin privileges (CREATE USER, FILE, LOCK TABLES on all databases, RELOAD, SHUTDOWN, SUPER, PROCESS)".
[30 Jul 2009 17:02] Enterprise Tools JIRA Robot
Andy Bang writes: 
Added PROCESS to the list of admin privileges in the advice.

Pushed up to revision 289.
[4 Aug 2009 22:53] Enterprise Tools JIRA Robot
Keith Russell writes: 
Patch installed in versions => 2.1.0.1085.
[5 Aug 2009 18:07] Enterprise Tools JIRA Robot
Marcos Palacios writes: 
Verified fixed in advisor bundle 2.1.0.1085.
[7 Aug 2009 9:43] Tony Bedford
An entry was added to the 2.1.0 changelog:

The Rule “Non-Authorized User Has Server Admin Privileges” in the “Security” Advisor checked for the following:

Create_user_priv = 'Y'
File_priv = 'Y'
Lock_tables_priv = 'Y'
Reload_priv = 'Y'
Shutdown_priv = 'Y'
Super_priv = 'Y'

However, it did not include a check for the condition:

Process_priv = 'Y'