23.1 Users and Roles

MySQL Enterprise Monitor Access Control enables you to manage the following:

Asset visibility: the rights to access data collected from hosts or MySQL instances. Access can be strictly limited to specific groups of monitored assets.
Application administration: the rights to view or change the MySQL Enterprise Monitor configuration.
Specific data access: the rights to view specific types of potentially sensitive data.
Role reuse: rather than define permissions per user, permission sets are defined in Roles and multiple users can be assigned to each Role.

The access control system is based on Users and Roles. Users have no rights assigned to them directly. All rights are defined on Roles. Users are assigned to Roles and inherit the rights defined on those Roles.

Roles

Roles are collections of permissions to which users are assigned. Roles define what the user is permitted to see and do in the application. Users can be assigned to multiple roles.

If users are assigned to multiple roles, MySQL Enterprise Monitor always takes the highest permission defined on those roles for that user. For example, if the user is assigned to a role with the Advisor Configuration set to Read-Only, and another role with Advisor Configuration set to Administer, Administer is the permission used for that user.

Users

Users are simple definitions of user name, password, and an optional authentication method, such as Active Directory or LDAP. Each user must be assigned to at least one Role.

Note

It is not possible to save a user without an assigned Role.