Bug #53542 MEM user management (entitlement) granularity inadequate
Submitted: 10 May 2010 16:20 Modified: 11 May 2010 8:22
Reporter: Kevin Benton Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Enterprise Monitor: Server Severity:S4 (Feature request)
Version: OS:Any
Assigned to: CPU Architecture:Any

[10 May 2010 16:20] Kevin Benton 
Description:
I have software developers that need to see how changes to their code are affecting the database.  The problem is, I can't give them access to MEM without risk of their changing MEM notifications, or giving them access to configure MEM inappropriately.  I also can't restrict their access to a limited set of servers I want them to be able to see from one MEM console.

What I want is the ability to give developers access to be able to view graphs at least on a per-server basis and potentially on a per-server basis.  Ideally, the entitlement system would use the database's own grant tables to determine what the user could see.

I'm being driven by my management to give away access to MEM yet I have security concerns especially with regard to query analyzer and our PCI systems.

I hope this is a duplicate bug, but I didn't see anything like it when I looked.

How to repeat:
See description

Suggested fix:
See description
[11 May 2010 8:22] Mark Leith 
There is a new "read-only" user in 2.2.0 (now GA), that allows you to give access to a user to view graphs etc., whilst not granting access to query analyzer data, or other actions such as closing events, enabling/disabling rules etc.:

http://dev.mysql.com/doc/mysql-monitor/2.2/en/mem-managing-users.html

As for finer grained access controls, see Bug#40450:

http://bugs.mysql.com/bug.php?id=40450

Closing this bug as a duplicate.