The documentation for the DX APM MySql agent states that a grant to select and read from every table from every instance in this DB is needed.
What is the exact list of permissions in the DB that are required by the user starting DX APM MySQL agent and what is the justification for such broad permission?
Application Performance Management 20.2 or Saas
The grant of those privileges for the APM MySQL agent´s user is a requirement to enable the level of monitoring it is supposed to provide.
This is an extract of the agent documentation:
Configure MySQL Database Permissions
To monitor MySQL database, ensure that you have the following access privileges on all databases: "SELECT", "PROCESS", and "SHOW DATABASES". If you do not have a suitable existing user, use the following command to create a user, where “host” is the host name or IP address of the machine which runs the database monitoring and “password” is a suitably secure password:
GRANT SELECT,PROCESS,SHOW DATABASES on *.* to 'monitoruser'@'host' identified by 'password';
The link for that is :
Here is what each one of the grants "SELECT", "PROCESS", and "SHOW DATABASES" allows to:
1- SHOW DATABASES
The MySQL Enterprise Monitor Agent can gather inventory about the monitored MySQL server.
When monitoring a MySQL server with InnoDB, the PROCESS privilege is required to execute SHOW ENGINE INNODB STATUS. Please note that InnoDB is a storage engine for the database management system so it is vital for most of the metrics.
This allows the MySQL Monitor Agent to collect statistics for table objects. Without this grant there is no way to retrieve the table statistics used to populate the metrics.
Unfortunately the DBMS does not have a separated grant for reading the table statistics and table content.