Bug #42361 Inappropriate example for creating a user for an agent.
Submitted: 27 Jan 2009 3:03 Modified: 27 Jan 2009 9:03
Reporter: Meiji KIMURA Email Updates:
Status: Not a Bug Impact on me:
None 
Category:MySQL Enterprise Monitor: Documentation Severity:S3 (Non-critical)
Version:2.0 OS:Any
Assigned to: CPU Architecture:Any

[27 Jan 2009 3:03] Meiji KIMURA
Description:
I can see the manual for createing MySQL User Account for the Service Agent.

15.3.4.1. Creating a MySQL User Account for the Service Agent
http://dev.mysql.com/doc/refman/5.1/en/mem-agent-rights.html
http://dev.mysql.com/doc/refman/6.0/en/mem-agent-rights.html

Description said, 
//->Here
 For example, the following GRANT statement will give the agent the required SELECT, REPLICATION CLIENT, SHOW DATABASES and SUPER rights:

GRANT SELECT, REPLICATION CLIENT, SHOW DATABASES, SUPER, INSERT, PROCESS
  ON *.* 
  TO  'mysqluser'@'localhost' 
  IDENTIFIED BY 'agent_password';
//<-Here

1st paragraph don't mention about INSERT rights, but next example contains INSERT. And both of them don't contaion CREATE right.

If CREATE rights not to be granted, an agent fail to create mysql.inventory. So I believe each paragraph contain CREATE rights.

How to repeat:
N/A

Suggested fix:
Modify like this.

//->Here
 For example, the following GRANT statement will give the agent the required SHOW DATABASES, REPLICATION CLIENT, SELECT, SUPER, PROCESS, INSERT and CREATE rights:

GRANT SHOW DATABASES, REPLICATION CLIENT, SELECT, SUPER, PROCESS, INSERT, CREATE 
  ON *.* 
  TO  'mysqluser'@'localhost' 
  IDENTIFIED BY 'agent_password';
//<-Here
[27 Jan 2009 9:03] Mark Leith
The following paragraph states:

For security reasons, you may wish to limit the CREATE and INSERT privileges to the agent so that it can only create tables within the mysql database:

GRANT CREATE, INSERT
  ON mysql.* 
  TO  'mysqluser'@'localhost' 
  IDENTIFIED BY 'agent_password';

This quite clearly shows CREATE and INSERT, INSERT is not required globally, only on the mysql database (as is CREATE). 

Not a bug..