Bug #70502 Documentation on required MySQL grants is not very cleaer
Submitted: 3 Oct 2013 9:05 Modified: 3 Jun 2014 21:46
Reporter: Simon Mudd (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Enterprise Monitor: Documentation Severity:S3 (Non-critical)
Version:3.0.1.2893 OS:Any
Assigned to: Edward Gilmore CPU Architecture:Any

[3 Oct 2013 9:05] Simon Mudd 
Description:
The documentation for the requirements of setting up the merlin agent is not very clear regarding the different MySQL users that need to be configured.

The install procedure is not very clear when it talks about auto-create the non-admin users, as it is not clear if the usernames or passwords will be requested/auto-generated or not.  It seems that it will just ask for both but this is not obvious.

How to repeat:
Read the docs. read again. Try to figure it out.

Suggested fix:
 While the documentation talks about this it might be better to perhaps initially say:

In order to monitor a MySQL instance the agent can use a single MySQL user (with complete rights) or it can be configured with different MySQL users each with the rights needed for the particular task. The ideal configuration would be to configure the 3 users: admin, general and limited. Each of these users require the following rights:

Admin:

GRANT ... ON .... TO admin@localhost IDENTIFIED BY '.....';
GRANT ... ON .... TO admin@localhost IDENTIFIED BY '.....';

General:

GRANT ... ON .... TO general@localhost IDENTIFIED BY '.....';
...
Limited:

GRANT ... ON .... TO limited@localhost IDENTIFIED BY '.....';
...

Explain why this is better than just using the "admin" user.
If only connecting to local instances and a socket exists: connect via the socket (if possible).
If only connecting to local instances and localhost (::1 in IPv6 or 127.0.0.1 in IPv4) exists then use that if possible.
[4 Oct 2013 7:55] MySQL Verification Team 
Hello Simon,

Thank you for the bug report.

Thanks,
Umesh