Skip to main content

Tutorial: Just-in-Time Database Access

 Bytebase is a middleware sitting between users and databases. It provides a fine-grained database permissions. Bytebase enforces database permissions via change approval flow and SQL Editor. You can use Bytebase to manage persistent database permissions as well as implement Just-in-Time (JIT) database access workflow.
Database permission controls individual users’ or groups’ actions within the database. Below shows the built-in roles’ database permissions.
RoleEXPLAINQueryExportMutation DMLDDLAdmin
Workspace Admin
Workspace DBA
Project Owner
Project Developer*1*2*2
SQL Editor User*3*3
Project Releaser
Project Viewer
*1 Project Developer can create Export issues for one-time exports. While SQL Editor User can export directly from SQL Editor. *2 Project Developer don’t have SQL Editor access and should request DDL/DML changes through an issue. *3 SQL Editor User can run DDL/DML in SQL Editor unless restricted by environment policy, but it’s recommended to make these changes through issues for better traceability.
You can also pick out specific permissions to build custom roles. e.g. create a custom role that grants only the EXPLAIN permission.
Access LevelOperationPermission
ReadEXPLAINsql.explain
Querysql.select
Write (subject to execution mode)Mutation DMLsql.dml
DDLsql.ddl
AdminAdminsql.admin
Request change for reviewCreate Issueissues.create