MySQL

Overview

MySQL is an open-source relational database management system (RDBMS) known for its speed, reliability, and flexibility. It is widely used for web-based applications and supports SQL, the standard language for interacting with and managing data in a relational database.

Entitle can manage the following resources in MySQL:

• Servers
• Schemas
• Roles
• Views
• Tables

Managed resources and roles

SELECT

SELECT, INSERT, UPDATE, DELETE

SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES,
INDEX, ALTER, SHOW_DATABASES, CREATE_TEMPORARY_TABLES, LOCK_TABLES, EXECUTE,
REPLICATION_SLAVE, REPLICATION_CLIENT, CREATE_VIEW, SHOW_VIEW, CREATE_ROUTINE, ALTER_ROUTINE,
CREATE_USER, EVENT, TRIGGER, CREATE_TABLESPACE

SELECT

SELECT, INSERT, UPDATE, DELETE

SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES,
INDEX, ALTER, CREATE_TEMPORARY_TABLES, LOCK_TABLES, CREATE_VIEW,
SHOW_VIEW, CREATE_ROUTINE, ALTER_ROUTINE, EXECUTE, EVENT, TRIGGER

SELECT

SELECT, INSERT, UPDATE, DELETE

SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES,
INDEX, ALTER, CREATE_VIEW, SHOW_VIEW, TRIGGER

SELECT

SELECT, INSERT, UPDATE, DELETE

SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES,
INDEX, ALTER, CREATE_VIEW, SHOW_VIEW, TRIGGER

General guidelines

💡

Note

• Entitle supports RDS MySQL and Non-RDS MySQL versions 5.7 and 8.0.
• Entitle does not support MySQL's native host-based authorization mechanism. Only permissions applied to all hosts will be manageable through Entitle.

• To integrate MySQL with Entitle, you need to:
  • Extract an admin user's credentials.
  • Obtain your MySQL instance's host and port.
  • Determine your MySQL version.
• Before setting up MySQL to work with Entitle, note that there are two different MySQL instances:
  1. Option 1 - RDS-managed MySQL instances that are stored in AWS and are a part of its service.
  2. Option 2 - non-RDS-managed MySQL instances that are stored anywhere in the world.

As a result, the initial steps of the integration process differ between non-RDS and RDS MySQL setups (specifically in stage 1 - creating a service account). The required permissions for the service account also vary between these two options.

Set up MySQL to work with Entitle

Create a service account for Entitle

• MySQL integration requires the user who is provided to have certain privileges. Follow the following steps to create a service account for Entitle and grant it the required permissions.

  Option 1: RDS-managed MySQL instances

  1. Log in to your MySQL server using the command line interface.

  2. If you are using version 5.7 of MySQL, create an administrative username and password combination in your MySQL instance by running the following command:

     SQL

     CREATE USER 'entitle_service_account'@'%' IDENTIFIED BY 'password';
     GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO 'entitle_service_account'@'%' WITH GRANT OPTION;
     

  3. In versions 8.0 and above of MySQL, resource type Role can be managed by Entitle. Therefore, to create an administrative username and password combination in your MySQL instance, run the following command:

     SQL

     CREATE USER 'entitle_service_account'@'%' IDENTIFIED BY 'password';
     GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, ROLE_ADMIN, EVENT, TRIGGER ON *.* TO 'entitle_service_account'@'%' WITH GRANT OPTION;
     

  Option 2: Non-RDS-managed MySQL instances

  1. Log in to your MySQL server using the command line interface.

  2. Create an administrative username and password combination in your MySQL instance by running the following command:

     SQL

     CREATE USER 'entitle_service_account'@'%YOUR_DOMAIN%' IDENTIFIED BY 'password';
     GRANT ALL PRIVILEGES ON *.* TO 'entitle_service_account'@'%YOUR_DOMAIN%' WITH GRANT OPTION;
     FLUSH PRIVILEGES;
     

  3. Replace '%YOUR_DOMAIN%' with your MySQL instance domain.

  4. Copy the admin credentials, as you will use them later on.

Extract your organization’s instance host and port

1. Entitle requires your MySQL instance's host and port.
2. Copy these values, as you will use them later on.

Get your MySQL version

1. If you already know which MySQL version you have, you will add it to Entitle's configuration later.
2. Otherwise, run the following command in your MySQL command line interface - SELECT VERSION();.

Create the integration in Entitle

💡

Important

This applies to creating an integration either through Entitle on Pathfinder or through the Entitle standalone product.

1. Sign in to Entitle.
2. Navigate to the Integrations page.
3. Click Add Integration.
4. In the Application field, enter MySQL.
5. In the Save on dropdown, select Entitle cloud or your hosted agent.

6. In the Connection field:
   1. user: Insert your admin username.
   2. password: Insert your admin password.
   3. host: Insert your instance host.
   4. port: Insert your host port. Otherwise, it will be set to 3306 by default.
   5. mysql_version: Insert your RDS/Non-RDS MySQL version.
   6. For MySQL version 5.7.x - 5.7.
   7. For MySQL version 8.0.x - 8.0.

Example Configuration JSON:

{
    "user": "<ADMIN_USERNAME>",
    "password": "<ADMIN_PASSWORD>",
    "host": "<HOST>",
    "port": 3306,
    "mysql_version": "<YOUR_MYSQL_VERSION>" (either 5.7 or 8.0)
}

7. Click Save.