Functional capabilities of MySQL integration

All operations that the integration can perform on the target system are listed under: ObserveID > Identity Automation > Integrations > {a specific MySQL integration} > Permissions > Operations Permissions

ObserveID provides an additional management layer over integration capabilities and enforces permission inheritance across integrations, allowing user-defined permission precedence to be configured for each operation. The table below outlines the integration operations available for MySQL.

MySQL integration operationsMySQL integration operations

Integration Operation

Description

Accessible with

Create Account

The MySQL integration can create accounts. It requires Additional Properties to be established for accounts. The Additional Properties are coded with Provisioning Rules. The Additional Properties mandatory on the creation of a MySQL account are:

  • Name

Access Request, Permanent Access Request, Temporary Access Request, Service Account Creation, Role Creation, Role Update, Identities Update, Onboarding, Reinstatement

Delete Account

The MySQL integration can delete accounts. The respective history records are stored for every Identity.

Account Removal, the Finish action on Temporary Access Request, Offboarding, Emergency Deprovisioning

Pull Data

Within the MySQL integration, the Integration Data is imported from MySQL to ObserveID. For what the Integration Data is fetched from the MySQL target, refer to the schema of MySQL integration data.

Data Import, Identities Update, most workflows

Grant and Revoke Account Entitlements

The MySQL entitlements that can be assigned or revoked are: - ServerRole

  • ServerGrant
  • DatabaseGrant

Permanent Access Request, Temporary Access Request, Manage Access, Role Creation, Role Update, Identities Update

Lock and Unlock Account

When the MySQL integration unlocks Privileged or Firecall accounts, it sets the usage period for the account. On the Finish button or on the end of the usage period, the unlocked account is locked back. When a MySQL account is unlocked, it shows the Account Unlock property on the MySQL target. And when the account is locked, the property shows Account Locked.

Privileged Unlock Request, Temporary Access Request, Firecall Unlock Request, Manage Access, Permanent Access Request

Test Connection

It is possible to troubleshoot if there is a connection between ObserveID and the MySQL target.

Data Import, Test Connection

Update Account Additional Properties

MySQL account properties can be updated if an Identity’s property has changed. Provisioning Rules can be configured to pass an Identity’s property to the MySQL account. The Additional Properties allowed on the update of a MySQL account are:

  • PasswordExpire

Identities Update

Update Account Credentials

A password can be set for an account on Account Creation, or updated with a workflow according to the Password Policy. For Privileged or Privileged Service account types, the password can be rotated.

The password is rotated if ‘yes’ is established for a MySQL account in its ‘Rotatable’ property.

Password Change Request, Privileged or Firecall Unlock Request