5.3.1 Creating a MySQL User Account for the Monitor Agent

The MySQL Enterprise Monitor Agent requires a user configured within each MySQL instance that is being monitored with suitable privileges to collect information about the server, including variable names, replication, and storage engine status information. The agent installer creates a suitable user for you during installation if you supply the installer with a user/password for a privileged user (such as the root user). This account information is used only during the installation to create the user, and is not written to any file. If you use this option, skip the remainder of this section.

Creating the Agent Account Manually

If you do not supply the root user information to the installer, create a user manually within your MySQL server and provide these credentials as the agent user/password combination during installation. The privileges required for this user account vary depending on the information you gather using the MySQL Enterprise Monitor Agent. The following privileges allow the Monitor Agent to perform its assigned duties without limitation:

For example, the following GRANT statement gives the agent the required SELECT, REPLICATION CLIENT, SHOW DATABASES and SUPER rights:

GRANT SELECT, REPLICATION CLIENT, SHOW DATABASES, SUPER, PROCESS
  ON *.*
  TO  'mysqluser'@'localhost'
  IDENTIFIED BY 'agent_password';

For security reasons, you might limit the CREATE and INSERT privileges to the agent so that it can only create tables within the mysql database:

GRANT CREATE, INSERT
  ON mysql.*
  TO  'mysqluser'@'localhost'
  IDENTIFIED BY 'agent_password';

To let replication discovery work, grant the SELECT privilege on the mysql.inventory table for each user with replication privileges on the corresponding replication master. This is required to let the MySQL Enterprise Monitor Agent read the replication master UUID. For example:

GRANT SELECT
  ON mysql.inventory
  TO  'replicationuser'@'%'
  IDENTIFIED BY 'replication_password';
Note

Perform this step after after running the agent on the corresponding MySQL server to ensure that the mysql.inventory table is created correctly. Run the agent, shut the agent down, run the above GRANT statement, and then restart the agent.

If the agent cannot access the information from the table, a warning containing this information is written to the agent log.

Note

You might disable logging for the grant statement to prevent the grant information being replicated to the slaves. In this case, execute the statement SET SQL_LOG_BIN=0 before executing the above GRANT statement.

In a typical configuration, the agent runs on the same machine as the MySQL server it is monitoring, so the host name is localhost. If the agent is running on a machine other than the one that hosts the monitored MySQL server, change localhost to the appropriate value. For more information about remote monitoring, see Section 5.3.7, “Configuring an Agent to Monitor a Remote MySQL Server”.