# MySQL
## Supported Capabilities
{% tabs %}
{% tab title="Supported Capabilities" %}
**General**
* **Metadata** — metadata extraction and display of asset information (tables, columns, schemas). Types collected: Schema, Table, Column, View
* **Profiling** — data profiling on the Profiler tab
* **Preview** — sample data preview
* **Data Quality** — data quality monitoring and observability
* **View Table** — view tables, which are virtual tables based on SQL queries
**Data Quality Monitors**
* Freshness
* Volume
* Field Health
* Custom SQL
* Schema Drift
**Lineage**
* **View Table Lineage** — tracks virtual tables (views) and their data dependencies
* **Foreign Key Lineage** — tracks relationships between tables via primary and foreign keys
{% endtab %}
{% tab title="Not Supported" %}
**General**
* Configurable Collection
* External Table
* Stored Procedure
**Data Quality Monitors**
* Job Failure
**Lineage**
* External Table Lineage
* SQL Query Lineage
* Stored Procedure Lineage
{% endtab %}
{% endtabs %}
## Connection Requirements
Connecting to decube is as easy as providing us with credentials to your MySQL database. At a minimum, we require
* `username`
* `password`
* `host address`
* `host port`
* `database name`
MySQL
The `source name` will be for you to differentiate and recognize particular sources within the decube application.
We strongly encourage you to create a decube **read-only** user for this credential purpose, which you can follow [here](#custom-user-for-decube).
## **Security Concerns**
If access to your database is protected by security measures, we allow for connecting via [SSH Tunneling](https://docs.decube.io/how-to-connect-data-sources/enabling-vpc-access/ssh-tunneling) or you could [whitelist our IP](https://docs.decube.io/how-to-connect-data-sources/enabling-vpc-access/ip-whitelisting). See more [here.](https://docs.decube.io/how-to-connect-data-sources/enabling-vpc-access)
### Configuring a Custom MySQL User
Creating a dedicated database user for Decube is the recommended approach. This follows the principle of least privilege, ensuring Decube has only the specific permissions it needs to monitor your data without risking broader database security.
#### 1. Create the Decube User
Run the following command to initialize the user. Replace `` with Decube's IP (or `%` for any host) and set a strong password.
```sql
CREATE USER 'decube'@'' IDENTIFIED BY '';
```
#### 2. Assign Necessary Permissions
Decube requires specific privileges to read metadata and monitor table health.
**Data Access (SELECT)**
You must grant `SELECT` access to the tables you wish to observe. Use a wildcard (`*`) for the entire database or specify individual tables.
* For the entire database:
```sql
GRANT SELECT ON .* TO 'decube'@'';
```
* For specific tables only:
```sql
GRANT SELECT ON .
TO 'decube'@'';
```
**View Metadata Access (SHOW VIEW)**
To monitor and process MySQL Views, Decube requires the `SHOW VIEW` privilege at the database level. Without this, Decube cannot ingest view definitions.
```sql
GRANT SHOW VIEW ON .* TO 'decube'@'';
```
## Use your own SSL CA Cert
Upload SSL CA File
If your database enforces SSL connection, you can provide your own CA Cert file by choosing `Use Customer CA Cert`and uploading a CA Cert.
This works for AWS RDS Aurora MySQL instances as well. To see where to retrieve your Aurora certificates, please use this [guide from AWS](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.SSL.html)
