Review the permissions required to create integrations across your database instances.
Early Access release
Table 1. MySQL permissions
| Capability |
Privileges required |
| Baseline (all setups) |
SELECT on mysql.user, SELECT on
mysql.role_edges (8.0+), SHOW DATABASES,
RELOAD |
| Credentials rotation |
CREATE USER (implicitly includes ALTER USER for password
changes) |
| Session termination |
CONNECTION_ADMIN (8.0+) or SUPER |
Table 2. PostgreSQL permissions
| Capability |
Privileges required |
Key PostgreSQL attribute |
| Credentials rotation |
CanCollectRoles, CanCollectUsers,
CanManageRoles |
CREATEROLE |
| Session termination |
rolsuper OR pg_signal_backend membership OR
EXECUTE on pg_terminate_backend(int) |
pg_signal_backend role (preferred) |
Table 3. Network access by environment
| Environment |
What to configure |
| AWS |
Security Group on the database instance: allow inbound on the DB port from the gateway's
private IP or security group. |
| GCP |
VPC Firewall rule: allow ingress on the DB port from the gateway instance. |
| Azure |
Network Security Group (NSG): allow inbound on the DB port from the gateway. |
| On-premises or self-hosted |
Firewall rules and routing: Configure required firewall rules and routing between the gateway
host and the database host. |