Skip to main content
Every role request and just-in-time access request carries an Expiration — how long the granted access stays valid before Bytebase revokes it automatically. A Workspace Admin can cap that duration, and members see a reminder before a granted role expires.

Maximum request expiration

A Workspace Admin can set the longest expiration any request is allowed to use, so members can’t grant themselves long-lived access. Go to Settings > General, find Maximum request expiration, and set the number of days. Select Never expires to remove the cap. The cap applies to every project role grant except the Project Owner role, and to all data access requests. A request whose expiration exceeds the maximum is rejected — the request drawer only offers durations within the cap.
Setting a maximum request expiration requires the bb.settings.setWorkspaceProfile permission — for example a Workspace Admin.

Role expiration reminder

Users assigned a project role with a limited duration will see a persistent reminder starting two days before the role expires, which remains visible until dismissed. Role expiration reminder shown two days before a granted role expires