Grant MonitorAdmin / PROCESS privilege to user

Question

I need to assign the monitoradmin privilege to a user because this is what an application called "dynatrace" needs to monitor the server (some details in a post on their site).

According to https://mariadb.com/kb/en/grant/ there is a PROCESS privilege but I can't assign it.

MariaDB [(none)]> CREATE USER dynatrace IDENTIFIED BY 'secret';
Query OK, 0 rows affected (0.007 sec)

MariaDB [(none)]> GRANT MonitorAdmin TO dynatrace;
ERROR 1959 (OP000): Invalid role specification `MonitorAdmin`

Same result with PROCESS:

MariaDB [(none)]> GRANT PROCESS TO dynatrace;
ERROR 1959 (OP000): Invalid role specification `PROCESS`

Where is my mistake ? Although my knowledge about mariaDB is more than limited I have the password of the root account ;-) and can run the commands as this user.

Answer 1

For general monitoring, this comes closer to covering all bases, but without being able to "cause damage":

GRANT SELECT, PROCESS, REFERENCES, SHOW DATABASES,
      REPLICATION CLIENT, SHOW VIEW
      ON *.* TO username@'...';

The ON *.* is necessary (though clumsy) syntax.

If the data is sensitive, remove SELECT. It can even be argued that being able to list the database names (SHOW DATABASES) could be sensitive.

REPLICATION CLIENT (not SLAVE) let's you monitor Seconds_behind_master in a Slave.

Answer 2

From the MariaDB documentation:

To set a global privilege, use *.* for priv_level.

So your command should be

GRANT PROCESS ON *.* TO dynatrace;

Answer 3

One more way:

GRANT PROCESS, SELECT ON *.* TO dynatrace;