MySQL Service Account

Reverse Migrations only needs to read schema metadata — tables, columns, data types, constraints, and indexes. It never reads the actual rows in your tables.


1. Create the service account

Connect to your MySQL server as an administrator (for example root) and run:

CREATE USER 'reverse_migrations'@'%' IDENTIFIED BY 'a-strong-password';

Restrict the host (%) to your application servers if possible, e.g. 'reverse_migrations'@'10.0.0.%'.


2. Grant schema introspection privileges

MySQL’s INFORMATION_SCHEMA is a virtual database that filters results based on the privileges you hold. To see table and column metadata, the account must have the SELECT privilege on the real database(s) you want to introspect.

Run the following for each database you want to use:

GRANT SELECT ON your_database.* TO 'reverse_migrations'@'%';

Important security note: MySQL does not provide a built-in “metadata-only” privilege. Granting SELECT on a database allows this account to read the data inside the tables as well as the schema. We recommend:

  • Restricting the account to the specific database(s) Reverse Migrations needs.
  • Using a strong, unique password and limiting the host mask.
  • If your security model requires stricter isolation, consider creating a dedicated read-replica or using a proxy that filters queries.

3. Verify the account works

Log in as reverse_migrations and confirm you can read schema information:

USE your_database;
SHOW TABLES;
DESCRIBE some_table;
SHOW INDEX FROM some_table;
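
Because SELECT on the database also exposes row data, it is worth confirming that the account holds exactly the grant from step 2 and nothing broader. The checks below are an added example, not part of the Reverse Migrations documentation; 'reverse_migrations'@'%' and your_database are the placeholders used above and should be replaced with the host mask and database name you actually used.

```sql
-- Added example. Run as an administrator after steps 1-3.
-- INFORMATION_SCHEMA stores GRANTEE with its quotes ('user'@'host'),
-- hence the doubled single quotes in the string literals below.

-- 1. Full picture as MySQL reports it (on MySQL 8.0 this also lists roles).
--    Expected: GRANT USAGE ON *.* and GRANT SELECT ON `your_database`.*
SHOW GRANTS FOR 'reverse_migrations'@'%';

-- 2. Anything beyond the intended grant. Expected result: zero rows.
--    Note: in a database-level GRANT, an unescaped _ or % in the database
--    name is a wildcard, so the grant can also match similarly named schemas.
SELECT 'global' AS scope, '*' AS db, '*' AS tbl, PRIVILEGE_TYPE, IS_GRANTABLE
  FROM INFORMATION_SCHEMA.USER_PRIVILEGES
 WHERE GRANTEE = '''reverse_migrations''@''%'''
   AND PRIVILEGE_TYPE <> 'USAGE'
UNION ALL
SELECT 'database', TABLE_SCHEMA, '*', PRIVILEGE_TYPE, IS_GRANTABLE
  FROM INFORMATION_SCHEMA.SCHEMA_PRIVILEGES
 WHERE GRANTEE = '''reverse_migrations''@''%'''
   AND (PRIVILEGE_TYPE <> 'SELECT'
        OR TABLE_SCHEMA <> 'your_database'
        OR IS_GRANTABLE = 'YES')
UNION ALL
SELECT 'table', TABLE_SCHEMA, TABLE_NAME, PRIVILEGE_TYPE, IS_GRANTABLE
  FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
 WHERE GRANTEE = '''reverse_migrations''@''%''';

-- 3. Other host masks for the same user name. Each row is a separate
--    account with its own grants; expect only the one created in step 1.
SELECT User, Host FROM mysql.user WHERE User = 'reverse_migrations';

-- 4. Logged in as reverse_migrations: schemas the account can see.
--    Expected: your_database plus MySQL's built-in system schemas only.
SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA;
```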

4. Use this credential in the dashboard

Copy the username (reverse_migrations) and password into the Reverse Migrations dashboard when you add your MySQL database.

