Connect a Database
This guide walks you through connecting a database to Slim.io for PII scanning. Slim.io supports PostgreSQL, MySQL, Snowflake, SQL Server, Oracle, IBM DB2, and Databricks.
Time required: 5–15 minutes
Prerequisites:
- Database admin access to create a read-only user
- Network connectivity between your database and Slim.io (or a BYOC agent)
- Slim.io Customer Dashboard access
Supported Databases
| Database | Auth Method | Default Port |
|---|---|---|
| PostgreSQL | Username / Password | 5432 |
| MySQL | Username / Password | 3306 |
| Snowflake | Username / Password | 443 |
| SQL Server | Username / Password | 1433 |
| Oracle | Username / Password | 1521 |
| IBM DB2 | Username / Password | 50000 |
| Databricks | Personal Access Token | 443 |
Step 1: Create a Read-Only Database User
Before connecting, create a dedicated read-only user for Slim.io. This follows the principle of least privilege — Slim.io only needs SELECT access to scan for PII.
PostgreSQL
-- Dedicated login role for the scanner
CREATE ROLE slimio_scanner LOGIN PASSWORD 'your-secure-password';
GRANT USAGE ON SCHEMA public TO slimio_scanner;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO slimio_scanner;
-- Applies to tables created later by the role that runs this statement
ALTER DEFAULT PRIVILEGES IN SCHEMA public
  GRANT SELECT ON TABLES TO slimio_scanner;
MySQL
-- '%' lets this account connect from any host
CREATE USER 'slimio_scanner'@'%' IDENTIFIED BY 'your-secure-password';
GRANT SELECT ON your_database.* TO 'slimio_scanner'@'%';
FLUSH PRIVILEGES;
Snowflake
CREATE ROLE SLIMIO_SCANNER;
CREATE USER SLIMIO_USER PASSWORD='your-secure-password'
DEFAULT_ROLE=SLIMIO_SCANNER;
GRANT ROLE SLIMIO_SCANNER TO USER SLIMIO_USER;
GRANT USAGE ON WAREHOUSE YOUR_WAREHOUSE TO ROLE SLIMIO_SCANNER;
GRANT USAGE ON DATABASE YOUR_DATABASE TO ROLE SLIMIO_SCANNER;
GRANT USAGE ON ALL SCHEMAS IN DATABASE YOUR_DATABASE TO ROLE SLIMIO_SCANNER;
GRANT SELECT ON ALL TABLES IN DATABASE YOUR_DATABASE TO ROLE SLIMIO_SCANNER;
SQL Server
CREATE LOGIN slimio_scanner WITH PASSWORD = 'your-secure-password';
CREATE USER slimio_scanner FOR LOGIN slimio_scanner;
GRANT SELECT TO slimio_scanner;
Oracle
CREATE USER slimio_scanner IDENTIFIED BY "your-secure-password";
GRANT CREATE SESSION TO slimio_scanner;
-- SELECT ANY TABLE is a system privilege that applies across schemas, not to one schema
GRANT SELECT ANY TABLE TO slimio_scanner;
IBM DB2
GRANT CONNECT ON DATABASE TO USER slimio_scanner;
GRANT SELECT ON TABLE schema_name.* TO USER slimio_scanner;
Databricks
For Databricks, generate a Personal Access Token instead of a database user:
- Log in to your Databricks workspace.
- Click your profile icon and select Settings.
- Go to Developer > Access Tokens.
- Click Generate New Token, add a description (e.g., “Slim.io Scanner”), and set an expiration.
- Copy the token immediately — it will not be shown again.
Store your database credentials securely. Slim.io encrypts all credentials at rest using AES-256 and never stores plaintext passwords.
Step 2: Start the Connector Wizard
- Log in to the Slim.io Customer Dashboard at /dash/.
- Navigate to Connectors in the sidebar.
- Click Add Connector, or click the database provider tile in the Available Integrations grid.
- Select your database provider (PostgreSQL, MySQL, Snowflake, etc.).
Step 3: Enter Connection Details
The wizard displays a configuration form specific to your database type.
PostgreSQL, MySQL, SQL Server, Oracle, DB2
| Field | Description | Example |
|---|---|---|
| Connector Name | A friendly name for this connection | Production PostgreSQL |
| Host | Database hostname or IP address | db.example.com |
| Port | Connection port (pre-filled with the default) | 5432 |
| Database | Database name to scan | myapp_production |
| Username | The read-only user you created | slimio_scanner |
| Password | The user’s password | |
| SSL | Enable SSL/TLS encryption (recommended) | Toggle on |
Snowflake
| Field | Description | Example |
|---|---|---|
| Connector Name | A friendly name for this connection | Snowflake Analytics |
| Account Identifier | Your Snowflake account locator | xy12345.us-east-1 |
| Username | The Snowflake user you created | SLIMIO_USER |
| Password | The user’s password | |
| Warehouse | Compute warehouse for scanning queries | COMPUTE_WH |
| Role | The role with SELECT permissions | SLIMIO_SCANNER |
| Database | Database to scan | ANALYTICS_DB |
Databricks
| Field | Description | Example |
|---|---|---|
| Connector Name | A friendly name for this connection | Databricks Lakehouse |
| Workspace URL | Your Databricks workspace URL | https://dbc-abc123.cloud.databricks.com |
| Personal Access Token | The token you generated | dapi... |
| Catalog | Unity Catalog name (optional) | main |
For databases behind a firewall or VPN, deploy a BYOC Agent inside your network. The agent connects to your database locally and sends only finding metadata (column names, PII types, confidence scores) back to Slim.io — raw data never leaves your environment.
Step 4: Test the Connection
- Click Test Connection in the wizard.
- Slim.io verifies it can connect, authenticate, and query information_schema (or equivalent).
- On success, you see a green confirmation with the number of discoverable tables.
If the test fails, check:
- Network access: Can the Slim.io service reach your database host and port?
- Credentials: Are the username and password correct?
- Permissions: Does the user have SELECT access?
- SSL: Does your database require SSL? Toggle the SSL switch accordingly.
Step 5: Create the Connector
- Click Connect to save the connector.
- The connector appears in your Connectors list with a Pending status.
- Status transitions to Active once the initial metadata enumeration completes.
Step 6: Verify and Scan
After the connector shows Active status:
- The connector appears in your Connectors list with the database provider icon
- You can trigger a scan immediately by clicking the Scan button
- Slim.io uses schema-first intelligence — it reads column metadata before scanning content, skipping non-text columns (timestamps, booleans, integers) automatically
- Findings are attributed to specific tables and columns
How Database Scanning Works
Slim.io’s database scanning is designed for enterprise scale:
- Schema Analysis — Reads information_schema to understand column names and data types
- Column Filtering — Skips columns that cannot contain PII (timestamps, booleans, auto-increment IDs)
- Column Name Intelligence — Columns named email, ssn, phone, etc. receive a confidence boost
- Adaptive Sampling — Sample size scales with table size and risk: high-risk tables get deeper scans
- Server-Side Cursors — Uses streaming cursors (fetchmany) instead of loading full result sets into memory
- Column-Level Findings — Every finding is attributed to a specific table and column for precise remediation
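The schema-first flow listed above, sketched as an added example against an in-memory SQLite table; this is not Slim.io's code. The type list, regex patterns, 0.2 name boost, hit-ratio score and all function names are assumptions made for illustration, and the sample rows are constructed.

```python
import re
import sqlite3

# Assumed rules for illustration; the page does not publish Slim.io's own.
TEXT_TYPES = {"TEXT", "VARCHAR", "CHAR"}
NAME_HINTS = ("email", "ssn", "phone")
PATTERNS = {"EMAIL": re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+"),
            "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b")}

def quote_ident(name):
    """Quote an identifier so a table or column name cannot alter the SQL."""
    return '"' + name.replace('"', '""') + '"'

def text_columns(conn, table):
    """Schema analysis and column filtering: keep only text-typed columns."""
    info = conn.execute(f"PRAGMA table_info({quote_ident(table)})").fetchall()
    # Each row is (cid, name, declared_type, ...); strip a length like "(255)".
    return [c[1] for c in info if c[2].upper().split("(")[0] in TEXT_TYPES]

def scan_table(conn, table, sample_rows=1000, batch=2):
    """Stream a bounded sample with fetchmany; return column-level findings."""
    cols = text_columns(conn, table)
    if not cols:
        return []  # nothing scannable, e.g. a table of only IDs and timestamps
    sql = f"SELECT {', '.join(map(quote_ident, cols))} FROM {quote_ident(table)} LIMIT ?"
    cur, hits, seen = conn.execute(sql, (sample_rows,)), {}, 0
    while rows := cur.fetchmany(batch):  # at most `batch` rows held at a time
        seen += len(rows)
        for row in rows:
            for col, value in zip(cols, row):
                for pii, rx in PATTERNS.items():
                    if value and rx.search(value):
                        hits[col, pii] = hits.get((col, pii), 0) + 1
    findings = []
    for (col, pii), n in sorted(hits.items()):
        boost = 0.2 if any(h in col.lower() for h in NAME_HINTS) else 0.0
        findings.append((table, col, pii, round(min(1.0, n / seen + boost), 2)))
    return findings

def demo_db():
    """Constructed sample data so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email VARCHAR(255),"
                 " notes TEXT, active BOOLEAN, created_at TIMESTAMP)")
    conn.executemany("INSERT INTO users (email, notes) VALUES (?, ?)", [
        ("alice@example.com", "called re: invoice"),
        ("bob@example.com", "SSN on file 078-05-1120"),
        ("carol@example.com", None), ("n/a", "prefers phone")])
    return conn
```

Calling `scan_table(demo_db(), "users")` reads only the `email` and `notes` columns: the integer, boolean and timestamp columns are dropped at the schema step before any row is fetched.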
Troubleshooting
| Issue | Solution |
|---|---|
| “Connection refused” | Verify the host, port, and that your database accepts remote connections. Check firewall rules and security groups. |
| “Authentication failed” | Double-check the username and password. For Snowflake, verify the account identifier format. |
| “Permission denied” | Ensure the user has SELECT access on the target schema/database. Re-run the GRANT statements. |
| “SSL required” | Your database requires encrypted connections. Toggle SSL on in the wizard. |
| “No tables found” | Verify the database name is correct and the user has USAGE permission on the schema. |
| “Timeout” | The database may be behind a firewall. Consider deploying a BYOC Agent. |
Next Steps
- Run Your First Scan — Trigger a scan and review PII findings
- Create a Custom Classifier — Define patterns for organization-specific sensitive data
- Database Connector Reference — Deep-dive into schema-first scanning and per-database configuration