Revoking permission to install plugins?

Question

The following query was used as part of a security audit to identify users with access to install/uninstall server plugins at the database level.

```sql
SELECT user, host FROM mysql.db WHERE db = 'mysql' and (insert_priv='y') or (delete_priv='y') or (insert_priv='y' and delete_priv='y');
```

I need to revoke that permission from the users that are listed. Is there a specific privilege I revoke to do this? If so, I can't find it. Or would I simply UPDATE the insert_priv and delete_priv fields directly in the mysql.db table? I'm not a DBA but the closest thing we have at the moment.

Answer 1

Score: 0

You are able to install plugins when you have INSERT permissions on the mysql.plugin table, see INSTALL PLUGIN:

> To use INSTALL PLUGIN, you must have the INSERT privilege for the mysql.plugin table.

So when you have database wide INSERT permissions on the (internal administrative) database mysql, then you can install plugins.

The same goes for the UNINSTALL PLUGIN statement, see UNINSTALL PLUGIN:

> To use UNINSTALL PLUGIN, you must have the DELETE privilege for the mysql.plugin table.

Remove the insert_priv and delete_priv privileges for the mysql database; your "normal" MySQL user accounts shouldn't be able to write in this database anyway.
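
The revocation described above, written out as an added example (not part of the original answer): it uses REVOKE rather than a direct UPDATE of mysql.db, groups the OR terms so the db = 'mysql' filter applies to both privileges, and also checks the global and table-level grant tables, which can confer the same access. The account 'app_user'@'%' is a constructed placeholder.

```sql
-- Added example; 'app_user'@'%' is a constructed placeholder account.

-- 1. Database-level grants on the mysql schema. The OR terms are grouped so
--    the db filter applies to both privileges (AND binds tighter than OR).
SELECT user, host, insert_priv, delete_priv
FROM mysql.db
WHERE db = 'mysql'
  AND (insert_priv = 'Y' OR delete_priv = 'Y');

-- 2. Global grants (ON *.*) also cover mysql.plugin.
SELECT user, host, insert_priv, delete_priv
FROM mysql.user
WHERE insert_priv = 'Y' OR delete_priv = 'Y';

-- 3. Table-level grants made directly on mysql.plugin.
SELECT user, host, table_priv
FROM mysql.tables_priv
WHERE db = 'mysql' AND table_name = 'plugin'
  AND (FIND_IN_SET('Insert', table_priv) OR FIND_IN_SET('Delete', table_priv));

-- 4. Generate one REVOKE per account found in step 1, for review before running.
SELECT CONCAT('REVOKE INSERT, DELETE ON mysql.* FROM ',
              QUOTE(user), '@', QUOTE(host), ';') AS revoke_stmt
FROM mysql.db
WHERE db = 'mysql'
  AND (insert_priv = 'Y' OR delete_priv = 'Y');

-- 5. Run a reviewed statement, then confirm the remaining grants.
--    REVOKE takes effect immediately; no FLUSH PRIVILEGES is needed,
--    unlike a direct UPDATE of the grant tables.
REVOKE INSERT, DELETE ON mysql.* FROM 'app_user'@'%';
SHOW GRANTS FOR 'app_user'@'%';
```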

huangapple
  • This article was published on June 2, 2023, 00:12:16
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76383839.html