MySQL

Overview

LightBeam Spectra users can connect various data sources to the LightBeam application and these data sources will be continuously monitored for PII, PHI data.

Example: MySQL, MS SQL, Snowflake, SMB, etc.

Onboarding MySQL Data Source

1. Click on Add Data Source.

1. Search for “MySQL”.

1. Click on MySQL.

1. Configure Basic Details

   1. In the Basic Details section, fill out the following fields:

      • Instance Name: Enter a unique name for the MySQL data source (e.g., MySQL-Datasource).

      • Primary Owner: Provide the email address of the individual responsible for this data source (e.g., demo@lightbeam.ai).

      • Source of Truth (Optional): Toggle this option if the MySQL data source serves as the single point of truth for validating other data sources.

      • Description (Optional): Add a brief description (e.g., "MySQL Datasource Instance").

1. Enter Connection Details

   1. In the Connection section, provide the following details:

      • Username: The MySQL user account name.

      • Password: The password for the specified username.

      • Host: The hostname or IP address of the MySQL server.

      • Port: Specify the port for MySQL. Use the default port (3306) or a custom port if applicable.

      • Encryption:

        • Encrypted: If selected, the options to upload SSL Certificate, SSL Key, and SSL CA Certificate will appear. Upload these files to establish a secure connection.

        • Unencrypted: If selected, no additional SSL configuration is required.

      • SSL Certificate (Optional): Upload the SSL certificate file.

      • SSL Key (Optional): Upload the private key file for the SSL connection.

      • SSL CA Certificate (Optional): Upload the Certificate Authority (CA) file to validate the MySQL server.

1. Click on Test Connection.

2. Verify that you get the message “Connection Success!” on the screen. Click on Next.

On the next screen, please select databases that you wish to scan from the list.

Now we are ready to connect to the test database and proceed.

APPENDIX

Troubleshooting

If you don’t see any data being scanned without error, it might be a permission issue. Consider running a SELECT * query on a table and see if you are able to see the data. If you see a message of permission denied, consider granting the permission to the user.

Minimal permissions setup

We require the following permissions to scan only a subset of the databases for the instance:

• Connect permissions

• For each database - SELECT permissions

Use the following script to create a user with such permissions. In this example, we are creating a user with permissions to connect to the LightBeam database.

User with restricted permissions for a single database

CREATE USER 'test'@'ipaddress or %' IDENTIFIED BY 'lbadmin12345';
GRANT SELECT ON lightbeam.* TO 'test'@'ipaddress or %';
FLUSH PRIVILEGES;

The LightBeam UI selection list will only display databases that are added using the second query, which is:

GRANT SELECT ON lightbeam.* TO 'test'@'ipaddress or %';

Use the newly formed user to register the MySQL datasource.

Full permissions setup

If you want to, you can scan all the databases and allow wider scope permissions. LightBeam recommends a full read-only user that can access a list of databases, connect to every database and read data.

Validate permissions to the database

Next, the user needs to validate these permissions to the database. This ensures authorized access to the database by the credentials provided by the user. After validating the permissions to the database, the user can configure LightBeam Spectra on the system.

Prerequisite

The following tools need to be installed on the system in order to verify database permissions.

• Git

• MySQL tool

Steps

2. Go into sql_user_check_mysql/ directory

3. Please refer to the README.md file in the directory for detailed instructions.

About LightBeam

LightBeam automates Privacy, Security, and AI Governance, so businesses can accelerate their growth in new markets. Leveraging generative AI, LightBeam has rapidly gained customers’ trust by pioneering a unique privacy-centric and automation-first approach to security. Unlike siloed solutions, LightBeam ties together sensitive data cataloging, control, and compliance across structured and unstructured data applications providing 360-visibility, redaction, self-service DSRs, and automated ROPA reporting ensuring ultimate protection against ransomware and accidental exposures while meeting data privacy obligations efficiently. LightBeam is on a mission to create a secure privacy-first world helping customers automate compliance against a patchwork of existing and emerging regulations.