Functional capabilities of MySQL integration
All operations that the integration can perform on the target system are listed under: ObserveID > Identity Automation > Integrations > {a specific MySQL integration} > Permissions > Operations Permissions
ObserveID provides an additional management layer over integration capabilities and enforces permission inheritance across integrations, allowing user-defined permission precedence to be configured for each operation. The table below outlines the integration operations available for MySQL.
MySQL integration operations
|
Integration Operation |
Description |
Accessible with |
|
Create Account |
The MySQL integration can create accounts. It requires Additional Properties to be established for accounts. The Additional Properties are coded with Provisioning Rules. The Additional Properties mandatory on the creation of a MySQL account are:
|
Access Request, Permanent Access Request, Temporary Access Request, Service Account Creation, Role Creation, Role Update, Identities Update, Onboarding, Reinstatement |
|
Delete Account |
The MySQL integration can delete accounts. The respective history records are stored for every Identity. |
Account Removal, the Finish action on Temporary Access Request, Offboarding, Emergency Deprovisioning |
|
Pull Data |
Within the MySQL integration, the Integration Data is imported from MySQL to ObserveID. For what the Integration Data is fetched from the MySQL target, refer to the schema of MySQL integration data. |
Data Import, Identities Update, most workflows |
|
Grant and Revoke Account Entitlements |
The MySQL entitlements that can be assigned or revoked are: -
|
Permanent Access Request, Temporary Access Request, Manage Access, Role Creation, Role Update, Identities Update |
|
Lock and Unlock Account |
When the MySQL integration unlocks Privileged or Firecall accounts, it sets the usage period for the account. On the Finish button or on the end of the usage period, the unlocked account is locked back. When a MySQL account is unlocked, it shows the |
Privileged Unlock Request, Temporary Access Request, Firecall Unlock Request, Manage Access, Permanent Access Request |
|
Test Connection |
It is possible to troubleshoot if there is a connection between ObserveID and the MySQL target. |
Data Import, Test Connection |
|
Update Account Additional Properties |
MySQL account properties can be updated if an Identity’s property has changed. Provisioning Rules can be configured to pass an Identity’s property to the MySQL account. The Additional Properties allowed on the update of a MySQL account are:
|
Identities Update |
|
Update Account Credentials |
A password can be set for an account on Account Creation, or updated with a workflow according to the Password Policy. For Privileged or Privileged Service account types, the password can be rotated. The password is rotated if ‘yes’ is established for a MySQL account in its ‘Rotatable’ property. |
Password Change Request, Privileged or Firecall Unlock Request |