Chapter 23 Access Control - Best Practices

This chapter describes some best practices for setting up access control permissions. Because every organization implements and monitors its MySQL installation differently, the scenarios described here are general guidelines.

The following scenarios are described:

  • Open: an organization with one or more DBAs. All users can see all monitored assets, but with different access permissions.

  • Strict: an organization with multiple DBAs and developers and many monitored assets, grouped according to the applications and the users that use them. Some users in the organization have access to all monitored assets; others have access to only a subset of those assets and cannot see any assets outside their area of responsibility. This scenario uses a production versus development model.

    Typically, in this scenario, there is a strict separation between production and development. That is, the roles with full access to development assets have only limited access, or no access at all, to production assets.

The roles involved in the scenarios are as follows:

  • Database Administrator (DBA): responsible for the correct operation of the MySQL instances. As such, they need access to the data collected on the monitored instances. In most cases, DBAs have access to features such as Advisors, Event Handlers, and Query Analysis.

    Note

    Although a default DBA role is included in your installation, it is recommended that you create a separate DBA-type role for your installation. The default DBA role exists to facilitate migration from previous versions. Also, the default DBA role cannot be edited.

    For the purposes of this chapter, the DBA role is filled by SeniorDBA and JuniorDBA.

  • Group/User Administrator: responsible for user, role, and group management. This role defines who has access to MySQL Enterprise Service Manager and defines the grouping of the servers. Users in this role are typically high-level DBAs, IT administrators, or project managers. In large organizations, the Group Administrator role may also be responsible for managing Event Handlers, Event Blackouts, and Notification Groups. It is strongly recommended that a group administrator is assigned in all setups. The scope of the Group Administrator role's permissions can vary, depending on the size of the organization. In smaller organizations, members of this role are solely responsible for the addition of users, roles, and groups. In larger organizations, they are also responsible for managing the event traffic via email/SMTP notifications, group management, and so on.

    The GroupAdmin role is a lock-and-key role. It is defined in such a way that it cannot be used on its own. To add groups, users or roles, it must be used in combination with a role which grants the top-level permissions, Server Group and MEM Web Application. That is, for a user to have permissions to edit users, roles and groups, they must be members of both the GroupAdmin role and another role which grants the dependent permissions.

    The GroupAdmin role is recommended for all implementations except the most basic.

  • Developers: responsible for the code deployed on the assets. As such, they need to see the impact of their code on the monitored assets. In a production environment, the developers have access to Events, Query Analysis, graph data, and so on.