Guides
Start typing to search…

MySQL

my-sql Discover system accounts and their permissions

JDBC Connection String

jdbc:mysql://mysql.example.com:3306/mysql

Validate Credentials

SELECT 
    u.User as integration_specific_id,
    u.User as username,
    CONCAT(u.User, '@', u.Host) as email,
    CASE 
        WHEN u.account_locked = 'Y' THEN 'INACTIVE'
        WHEN u.password_expired = 'Y' THEN 'DEPROVISIONED'
        ELSE 'ACTIVE' 
    END as user_status,
    CASE 
        WHEN u.Host = 'localhost' THEN 'SERVICE'
        ELSE 'USER' 
    END as account_type
FROM mysql.user u 
LIMIT 1;

List Accounts

SELECT 
    u.User as integration_specific_id,
    u.User as username,
    CONCAT(u.User, '@', u.Host) as email,
    CASE 
        WHEN u.account_locked = 'Y' THEN 'INACTIVE'
        WHEN u.password_expired = 'Y' THEN 'DEPROVISIONED'
        ELSE 'ACTIVE' 
    END as user_status,
    CASE 
        WHEN u.Host = 'localhost' THEN 'SERVICE'
        ELSE 'USER' 
    END as account_type
FROM mysql.user u;

List Entitlements

SELECT DISTINCT
    CONCAT(privilege_type, '_', table_schema) as integration_specific_id,
    table_schema as integration_specific_resource_id,
    CASE 
        WHEN is_grantable = 'YES' THEN 'GRANT'
        ELSE 'PRIVILEGE'
    END as entitlement_type,
    CONCAT(privilege_type, ' ON ', table_schema) as label,
    true as is_assignable
FROM information_schema.schema_privileges
UNION
SELECT DISTINCT
    CONCAT('ROLE_', CONCAT(TO_USER, '@', TO_HOST)) as integration_specific_id,
    COALESCE(SCHEMA_NAME, '') as integration_specific_resource_id,
    'ROLE' as entitlement_type,
    CONCAT('Role - ', TO_USER, '@', TO_HOST) as label,
    true as is_assignable
FROM mysql.role_edges
CROSS JOIN information_schema.schemata
WHERE SCHEMA_NAME NOT IN ('information_schema', 'performance_schema', 'sys')
UNION
SELECT DISTINCT
    CONCAT('GLOBAL_', privilege_type) as integration_specific_id,
    '' as integration_specific_resource_id,
    'GLOBAL_PRIVILEGE' as entitlement_type,
    privilege_type as label,
    true as is_assignable
FROM information_schema.user_privileges;

Find Entitlement Associations

SELECT 
    CONCAT(grantee) as account_id,
    CONCAT('GLOBAL_', privilege_type) as integration_specific_entitlement_id,
    '' as integration_specific_resource_id
FROM information_schema.user_privileges
UNION
SELECT 
    CONCAT(grantee) as account_id,
    CONCAT(privilege_type, '_', table_schema) as integration_specific_entitlement_id,
    table_schema as integration_specific_resource_id
FROM information_schema.schema_privileges
UNION
SELECT 
    CONCAT(FROM_USER, '@', FROM_HOST) as account_id,
    CONCAT('ROLE_', CONCAT(TO_USER, '@', TO_HOST)) as integration_specific_entitlement_id,
    '' as integration_specific_resource_id
FROM mysql.role_edges;

List Resources

SELECT 
    schema_name as integration_specific_id,
    schema_name as label,
    'DATABASE' as resource_type
FROM information_schema.schemata;

Updated 15 days ago