> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bytebase.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

<Card title="Tutorial: Just-in-Time Database Access" icon="graduation-cap" href="/tutorials/just-in-time-database-access-part1" horizontal />

Bytebase is a middleware sitting between users and databases. It provides a fine-grained database permissions. Bytebase enforces
database permissions via [change approval flow](/change-database/change-workflow/) and [SQL Editor](/sql-editor/overview/).
You can use Bytebase to manage persistent database permissions as well as implement a [Just-in-Time (JIT) database access](/security/database-permission/just-in-time/) workflow.

***

Database permission controls individual users' or groups' actions within the database. Below shows the built-in roles' database permissions.

| Role              | EXPLAIN | Query | Export | Mutation DML | DDL | Admin |
| ----------------- | ------- | ----- | ------ | ------------ | --- | ----- |
| Workspace Admin   | ✅       | ✅     | ✅      | ✅            | ✅   | ✅     |
| Workspace DBA     | ✅       | ✅     | ✅      | ✅            | ✅   | ✅     |
| Project Owner     | ✅       | ✅     | ✅      | ✅            | ✅   |       |
| Project Developer |         |       | \*1    | \*2          | \*2 |       |
| SQL Editor User   | ✅       | ✅     | ✅      | \*3          | \*3 |       |
| Project Releaser  |         |       |        |              |     |       |
| Project Viewer    |         |       |        |              |     |       |

\*1 ***Project Developer** can request a time-boxed export through [just-in-time data export](/security/database-permission/just-in-time#just-in-time-data-export). **SQL Editor User** can export directly from SQL Editor.*

\*2 ***Project Developer** don’t have SQL Editor access and should request DDL/DML changes through an issue.*

\*3 ***SQL Editor User** can run DDL/DML in SQL Editor unless restricted by [environment policy](/change-database/environment-policy/overview#statement-execution-mode), but it’s recommended to make these changes through issues for better traceability.*

***

You can also pick out specific permissions to build [custom roles](/administration/roles). e.g. create a custom role that grants only the `EXPLAIN` permission.

| Access Level                                                                                      | Operation    | Permission      |
| ------------------------------------------------------------------------------------------------- | ------------ | --------------- |
| [Read](/sql-editor/run-queries/)                                                                  | EXPLAIN      | `sql.explain`   |
|                                                                                                   | Query        | `sql.select`    |
| Write (subject to [execution mode](/change-database/environment-policy/overview/#execution-mode)) | Mutation DML | `sql.dml`       |
|                                                                                                   | DDL          | `sql.ddl`       |
| [Admin](/sql-editor/admin-mode/)                                                                  | Admin        | `sql.admin`     |
| Request change for review                                                                         | Create Issue | `issues.create` |
