I’ve recently installed pm-server it’s pretty nice and very useful.
But it requires SUPER privilege to pmm mysql user. I’m not quite sure is it safe to grant SUPER privilege to monitoring account.
Am I wrong, and it completely safe? Or there is any way to avoid this?
There are a couple of reasons we ask for SUPER privileges:
- With MySQL there is the concept of exhausting all available connections up to max_connections server variable, however since 5.1 MySQL permits one more connection to those users with SUPER - the thinking here is that we still allow the monitoring application to log in and provide an understanding of what is going on within the server, in order to troubleshoot. Without this connection, you will be blind.
- Without SUPER we will then lose the ability to modify server variables around Query Analytics - slow log rotation, etc
So in other words - PMM will still work without SUPER however it will operate with lesser functionality if you revoke this privilege.
Privileges required for PMM & MySQL full functionality: Configuring MySQL for Best Results
How SUPER maintains visibility of your database activity: MySQL :: MySQL 8.0 Reference Manual :: B.3.2.5 Too many connections