Database Connectors

Slim.io connects to your databases with read-only access to discover and classify sensitive data at the column level. Scanning uses adaptive sampling — not full table scans — so even tables with billions of rows are profiled efficiently.

Supported Databases

How Database Scanning Works

Schema-First Intelligence

Before sampling any data, Slim.io profiles the schema of every table in scope:

1. Column metadata analysis — Column names and data types are evaluated first. A column named ssn with a VARCHAR type is immediately flagged as high-risk, while an INTEGER column named order_count is deprioritized.
2. Non-text column filtering — Columns with purely numeric, boolean, or binary types that cannot contain PII are automatically skipped, reducing scan time and cost.
3. Contextual signal boosting — Column names serve as contextual signals during classification. A value like 555-12-3456 in a column named tax_id receives higher confidence than the same value in a column named notes.

This schema-first approach means Slim.io intelligently focuses scanning effort on the columns most likely to contain sensitive data.

Adaptive Sampling

Slim.io uses adaptive sampling to classify data without reading every row:

• Sample size scales with risk — Tables with high-risk column names receive larger samples for higher confidence. Low-risk tables receive smaller samples.
• Sample size scales with table size — Larger tables receive proportionally larger samples to maintain statistical confidence.
• Representative sampling — Rows are sampled across the full range of the table, not just the first N rows, to capture data distribution patterns.

Column-Level Findings

All findings are attributed to specific columns, not just tables. Each finding includes:

• The database, schema, and table name
• The specific column where sensitive data was detected
• The PII classification type (e.g., SSN, email, phone number, credit card)
• A confidence score based on pattern matching and contextual signals
• The number of matching rows found in the sample

Required Permissions

All database connectors require read-only access. Slim.io never writes to, modifies, or deletes data in your databases.

PostgreSQL

Create a read-only user with access to the schemas you want to scan:

CREATE ROLE slimio_scanner WITH LOGIN PASSWORD 'your-secure-password';
GRANT USAGE ON SCHEMA public TO slimio_scanner;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO slimio_scanner;

Slim.io needs SELECT permission on target tables and USAGE on target schemas. Access to information_schema is used to enumerate tables and columns.

MySQL

CREATE USER 'slimio_scanner'@'%' IDENTIFIED BY 'your-secure-password';
GRANT SELECT ON your_database.* TO 'slimio_scanner'@'%';

Slim.io needs SELECT permission on the target database.

Snowflake

CREATE ROLE SLIMIO_SCANNER;
GRANT USAGE ON WAREHOUSE your_warehouse TO ROLE SLIMIO_SCANNER;
GRANT USAGE ON DATABASE your_database TO ROLE SLIMIO_SCANNER;
GRANT USAGE ON ALL SCHEMAS IN DATABASE your_database TO ROLE SLIMIO_SCANNER;
GRANT SELECT ON ALL TABLES IN DATABASE your_database TO ROLE SLIMIO_SCANNER;
 
CREATE USER SLIMIO_SCANNER
  PASSWORD = 'your-secure-password'
  DEFAULT_ROLE = SLIMIO_SCANNER
  DEFAULT_WAREHOUSE = your_warehouse;
 
GRANT ROLE SLIMIO_SCANNER TO USER SLIMIO_SCANNER;

Slim.io needs USAGE on the warehouse, database, and schemas, plus SELECT on target tables.

SQL Server (MSSQL)

CREATE LOGIN slimio_scanner WITH PASSWORD = 'your-secure-password';
CREATE USER slimio_scanner FOR LOGIN slimio_scanner;
GRANT SELECT TO slimio_scanner;
GRANT VIEW DEFINITION TO slimio_scanner;

Oracle

CREATE USER slimio_scanner IDENTIFIED BY "your-secure-password";
GRANT CREATE SESSION TO slimio_scanner;
GRANT SELECT ANY TABLE TO slimio_scanner;

For tighter scoping, grant SELECT on specific tables instead of SELECT ANY TABLE.

IBM DB2

GRANT CONNECT ON DATABASE TO USER slimio_scanner;
GRANT SELECT ON TABLE schema.table_name TO USER slimio_scanner;

Databricks

Generate a personal access token or configure OAuth in your Databricks workspace. The token user needs:

• SELECT access on target catalogs, schemas, and tables (Unity Catalog)
• Or CAN_READ permission on the target cluster and data objects (legacy ACLs)

Provide the workspace URL and HTTP path for the SQL warehouse or cluster.

Connector Configuration

1. Navigate to Connectors > Add Connector in the Customer Dashboard.
2. Select the database type.
3. Enter connection details: host, port, database name, and credentials.
4. Optionally scope the scan to specific schemas or tables.
5. Click Test Connection to validate connectivity and permissions.

If the test succeeds, the connector status changes to Active and you can trigger your first scan.

Network Configuration

Slim.io connects to your database over the network. Ensure that:

• Your database is reachable from the internet or via a VPC peering / private connectivity arrangement
• Firewall rules allow inbound connections from Slim.io’s IP ranges (available in your account settings)
• TLS/SSL is enabled on the database connection (enforced by default)

Troubleshooting

”Connection Refused” on Test Connection

• Verify the host, port, and database name are correct
• Check that firewall rules allow inbound connections from Slim.io’s IP ranges
• Ensure the database is running and accepting connections

”Permission Denied” During Scan

• Verify the service account has SELECT permission on the target tables
• Check that schema-level USAGE or equivalent permissions are granted
• For Snowflake, ensure the warehouse is running and the role has USAGE on it

Scan Returns No Findings

• Confirm the target schemas and tables contain text or string columns
• Check that the connector scope includes the correct schemas
• Verify the tables are not empty

Next Steps

• Run Your First Scan — Trigger a scan on this connector
• Scanning Configuration — Customize sample sizes and scan behavior