Permissions required for the APM MySQL agent user


Article ID: 141317


Products

CA Application Performance Management Agent (APM / Wily / Introscope)
CA Application Performance Management (APM / Wily / Introscope)
INTROSCOPE
DX Application Performance Management

Issue/Introduction

The documentation for the DX APM MySQL agent states that a grant to select and read from every table in every instance in this DB is needed.

What is the exact list of DB permissions required by the user that starts the DX APM MySQL agent, and what is the justification for such broad permissions?

 

Environment

Application Performance Management 20.2 or SaaS

Resolution

Granting those privileges to the APM MySQL agent's user is required to enable the level of monitoring the agent is supposed to provide.

This is an extract of the agent documentation:

----------------------------

Configure MySQL Database Permissions

To monitor MySQL database, ensure that you have the following access privileges on all databases: "SELECT", "PROCESS", and "SHOW DATABASES". If you do not have a suitable existing user, use the following command to create a user, where “host” is the host name or IP address of the machine which runs the database monitoring and “password” is a suitably secure password:

GRANT SELECT,PROCESS,SHOW DATABASES on *.* to 'monitoruser'@'host' identified by 'password';
FLUSH privileges;

--------------------------------

The link to that documentation is:

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/application-performance-management/11-1/implementing-agents/infrastructure-agent/mysql-database-monitoring.html



Here is what each of the grants "SELECT", "PROCESS", and "SHOW DATABASES" allows:

1- SHOW DATABASES

     Allows the MySQL Enterprise Monitor Agent to gather inventory about the monitored MySQL server.

2- PROCESS

     When monitoring a MySQL server with InnoDB, the PROCESS privilege is required to execute SHOW ENGINE INNODB STATUS. Note that InnoDB is a storage engine for the database management system, so it is vital for most of the metrics.

3- SELECT

     Allows the MySQL Monitor Agent to collect statistics for table objects. Without this grant there is no way to retrieve the table statistics used to populate the metrics.

     Unfortunately, the DBMS does not have separate grants for reading table statistics and reading table content.
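
A defender's check on the account described above, added here as an example and not part of the Broadcom documentation or the agent: it parses the output of SHOW GRANTS for the monitoring user and reports anything beyond, or short of, SELECT, PROCESS and SHOW DATABASES on *.*. The sample lines and the `shop`.`orders` table are constructed for illustration.

```python
import re

# Privileges the documentation extract above lists for the monitoring user.
REQUIRED = {"SELECT", "PROCESS", "SHOW DATABASES"}

# One line of SHOW GRANTS output: GRANT <privs> ON <scope> TO <account> [...]
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+.+?"
    r"(?P<opt>\s+WITH\s+GRANT\s+OPTION)?\s*;?$",
    re.IGNORECASE,
)

def audit_grants(lines):
    """Compare SHOW GRANTS output lines with the three documented grants."""
    held, excess, unparsed, grant_option = set(), [], [], False
    for line in (l.strip() for l in lines):
        if not line:
            continue
        m = GRANT_RE.match(line)
        if not m:
            unparsed.append(line)  # e.g. role grants: review by hand
            continue
        grant_option = grant_option or bool(m["opt"])
        # Drop column lists such as "UPDATE (status)" before splitting.
        privs = re.sub(r"\([^)]*\)", "", m["privs"]).split(",")
        for priv in (p.strip().upper() for p in privs):
            if priv == "USAGE":  # USAGE means "no privileges"
                continue
            if priv in REQUIRED:
                if m["scope"] == "*.*":
                    held.add(priv)
            else:
                excess.append((priv, m["scope"]))
    missing = sorted(REQUIRED - held)
    ok = not (missing or excess or unparsed or grant_option)
    return {"ok": ok, "missing": missing, "excess": excess,
            "grant_option": grant_option, "unparsed": unparsed}

# Constructed sample lines, not captured from a real server.
AS_DOCUMENTED = [
    "GRANT SELECT, PROCESS, SHOW DATABASES ON *.* TO `monitoruser`@`host`",
]
DRIFTED = [
    "GRANT SELECT, PROCESS, SUPER ON *.* TO `monitoruser`@`host` WITH GRANT OPTION",
    "GRANT INSERT, UPDATE (status) ON `shop`.`orders` TO `monitoruser`@`host`",
]

if __name__ == "__main__":
    for name, sample in (("as documented", AS_DOCUMENTED), ("drifted", DRIFTED)):
        print(name, audit_grants(sample))
```

Because SELECT on *.* already exposes table content, any write privilege, SUPER or GRANT OPTION reported here widens an account that is broad by design.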

Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/application-performance-management/20-2/implementing-agents/infrastructure-agent/mysql-database-monitoring.html