Database Permission
Overview
Tutorial: Just-in-Time Database Access
Bytebase is a middleware sitting between users and databases. It provides a fine-grained database permissions. Bytebase enforces database permissions via change approval flow and SQL Editor. You can use Bytebase to manage persistent database permissions as well as implement Just-in-Time (JIT) database access workflow.
Database permission controls individual users’ or groups’ actions within the database. Below shows the built-in roles’ database permissions.
| Role | EXPLAIN | Query | Export | Mutation DML | DDL | Admin |
|---|---|---|---|---|---|---|
| Workspace Admin | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Workspace DBA | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| Project Owner | ✅ | ✅ | ✅ | ✅ | ✅ | |
| Project Developer | * | * | ||||
| SQL Editor User | ✅ | ✅ | ✅ | ✅ | ||
| Project Exporter | ✅ | |||||
| Project Releaser | ||||||
| Project Viewer |
* Project Developers can’t execute DML and DDL directly in SQL Editor. On the other hand, they can request DML/DDL change by creating an issue.
You can also pick out specific permissions to build custom roles. e.g. create a custom role that grants only the EXPLAIN permission.
| Access Level | Operation | Permission |
|---|---|---|
| Read | EXPLAIN | sql.explain |
| Query | sql.select | |
| Export | sql.export | |
| Write (subject to execution mode) | Mutation DML | sql.dml |
| DDL | sql.ddl | |
| Admin | Admin | sql.admin |
| Request change for review | Create Issue | issues.create |