Traditional SQL Clients | Bytebase Solution |
---|---|
Distributed Credentials: Stored locally in plain text, manual revocation, multiple copies | Centralized Credentials: Never leave platform, SSO authentication, directory sync, instant revocation |
No Fine-Grained Access: All-or-nothing database access, no table/column restrictions | Granular Control: Database, schema, table-level restrictions with column masking |
Missing Audit Trails: Zero visibility, no centralized logging, compliance violations | Complete Auditing: Every query, change, and admin action logged with full context |
Time-Based Access Gaps: No temporary access, permanent until revoked | Just-in-Time Access: Request-based temporary access with approval workflows |
Test | Prod | |
---|---|---|
Allow running DDL | ✅ | ❌ |
Allow running data-modifying DML | ✅ | ❌ |
SQL Editor User
role to the user inside
the project.
SQL Editor User
as the role.SQL Editor User
is a built-in role that allows users to run EXPLAIN
and SELECT
. If you want to allow users
to run EXPLAIN
only, you can create a custom role with bb.sql.explain
permission.Project Exporter
role to the user inside the project.
Test | Prod | |
---|---|---|
Allow running DDL | ✅ | ❌ |
Allow running data-modifying DML | ✅ | ❌ |
Fine-grained EXPLAIN, Query, Export | ✅ | ✅ |
Just-in-Time Access | ✅ | ✅ |
Audit Logging | ✅ | ✅ |