Connecting to MySQL
Privacy Dynamics can connect to your MySQL database. This guide helps you authenticate and authorize Privacy Dynamics to access your data in MySQL.
Requirements
To complete this guide, you will need the following:
- A MySQL database.
- A MySQL user with the CREATE USER and ROLE_ADMIN privileges.
- A Privacy Dynamics account.
Instructions
Before you can connect to MySQL in Privacy Dynamics, you will want to create a new service account user and role for Privacy Dynamics to use.
Configure Your MySQL Database
This first script creates a role and user for Privacy Dynamics to use. It will return the password generated for the user. Leave the window open or copy the password to a safe place, since you will need that for the next step.
create role anonymizer;

revoke
    all privileges,
    grant option
from anonymizer;

create user svc_pvcy
    identified by random password
    default role anonymizer;
The following script completes the setup for our service account. You will need to customize this with the names of your databases and service account user, and then execute it in your database with a privileged user.
-- CONFIGURE ORIGIN DATABASE(s)
-- any existing databases that you want us to read from need their own grants
grant select on raw_sensitive.* to anonymizer;
-- CONFIGURE DESTINATION DATABASE(s)
-- (choose Option 1 or Option 2)
-- Option 1: Allow us to create new databases and tables and insert data into them
grant create on *.* to anonymizer;
grant drop on *.* to anonymizer;
grant insert on *.* to anonymizer;
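-- You need to explicitly revoke these privileges on any existing
-- databases you do not want us to be able to create/drop/insert on.
-- Revoking a database-level privilege from a global (*.*) grant is a
-- partial revoke: it requires the partial_revokes system variable to be
-- ON (MySQL 8.0.16 or later); otherwise these statements fail.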
revoke create on raw_sensitive.* from anonymizer;
revoke drop on raw_sensitive.* from anonymizer;
revoke insert on raw_sensitive.* from anonymizer;
-- Option 2: Allow us to write to an existing database
grant create on privacy_safe.* to anonymizer;
grant drop on privacy_safe.* to anonymizer;
grant insert on privacy_safe.* to anonymizer;
-- GRANT ROLE TO USER
grant anonymizer to svc_pvcy;
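To confirm the role ended up least-privileged, the sketch below audits the output of SHOW GRANTS for the anonymizer role and reports any privilege on the origin database beyond SELECT, which is what remains if the Option 1 revokes did not apply. It is an added example, not Privacy Dynamics' code: the grant lines are a constructed sample (assuming partial_revokes is ON) and the function names are hypothetical.

```python
import re

# Constructed sample: lines in the format SHOW GRANTS prints for the role
# after running the script above with both options (partial_revokes=ON assumed).
SAMPLE_GRANTS = [
    "GRANT CREATE, DROP, INSERT ON *.* TO `anonymizer`@`%`",
    "REVOKE CREATE, DROP, INSERT ON `raw_sensitive`.* FROM `anonymizer`@`%`",
    "GRANT SELECT ON `raw_sensitive`.* TO `anonymizer`@`%`",
    "GRANT CREATE, DROP, INSERT ON `privacy_safe`.* TO `anonymizer`@`%`",
]

# Matches global (*.*) and database-level (`db`.*) GRANT / REVOKE lines only.
STMT = re.compile(r"^(GRANT|REVOKE) (.+?) ON (\*|`[^`]+`)\.\* (?:TO|FROM) ", re.I)

def parse(lines):
    """Return (global grants, per-db grants, per-db partial revokes)."""
    global_privs, grants, revokes = set(), {}, {}
    for line in lines:
        m = STMT.match(line.strip())
        if not m:
            continue  # role memberships and table-level grants are out of scope
        verb, scope = m.group(1).upper(), m.group(3).strip("`")
        privs = {p.strip().upper() for p in m.group(2).split(",")} - {"USAGE"}
        if scope == "*":
            if verb == "GRANT":
                global_privs |= privs
        else:
            bucket = grants if verb == "GRANT" else revokes
            bucket.setdefault(scope, set()).update(privs)
    return global_privs, grants, revokes

def effective(lines, database):
    """Privileges that apply to `database`: global minus partial revokes, plus db grants."""
    global_privs, grants, revokes = parse(lines)
    return (global_privs - revokes.get(database, set())) | grants.get(database, set())

def audit_origin(lines, database, allowed=frozenset({"SELECT"})):
    """Sorted list of privileges on an origin database beyond the allowed set."""
    return sorted(effective(lines, database) - allowed)

if __name__ == "__main__":
    print("excess on raw_sensitive:", audit_origin(SAMPLE_GRANTS, "raw_sensitive"))
    # Same grants with the REVOKE line missing, as when the revokes failed.
    failed = [g for g in SAMPLE_GRANTS if not g.startswith("REVOKE")]
    print("excess if revokes failed:", audit_origin(failed, "raw_sensitive"))
```

Feed it the real output of SHOW GRANTS for the role; an empty list for each origin database means the role can only read there.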
Add the MySQL Connection in Privacy Dynamics
- Sign in to your Privacy Dynamics account.
- Go to the Connections page.
- Select Add Connection.
- Choose MySQL and select Next.
- Enter the connection details:
  - Name - a name for you to identify the connection.
  - Host - the endpoint, without the port or database name.
  - Port - the port we use to connect to your database. The default is 3306.
  - Username - the username of the service account we created earlier (svc_pvcy).
  - Password - the password for the service account user.
- Select TEST CONNECTION to verify the credentials.
- Select ADD CONNECTION. The connection is saved if there are no errors.
Using SSH Forwarding
Privacy Dynamics supports the use of an SSH "jump box" or bastion host for MySQL connections. When creating the connection, select Use SSH, and then supply the SSH Host, SSH Port, SSH Username, and SSH Private Key fields. For more details and a tutorial on using SSH with Privacy Dynamics, please see this walkthrough video.
Other Configuration
If you have network access controls in place that limit connections to MySQL or your SSH bastion host, you will need to add Privacy Dynamics' IP addresses to your Allowlist. You can find those IP addresses in this public JSON file.