Learn how to use the Bytebase API to inspect user and database permissions.
localhost:8080
. Register the first admin account which will be granted Workspace Admin
.
Workspace Admin
, and go to IAM & Admin > Users & Groups. Click + Add User, fill in with api-sample
, choose the Workspace DBA
role sufficient for this tutorial and click Confirm.
env-template.local
to .env.local
.Update the variables.
NEXT_PUBLIC_BB_URL
: http://localhost:8080
NEXT_PUBLIC_BB_SERVICE_ACCOUNT
: api-example
NEXT_PUBLIC_BB_SERVICE_KEY
: service key copied in previous steppermission-check
, and run the following commands to start the demo application.
page.tsx
, we fetch all roles by calling the /v1/roles API before any user selection.
db-fetch-user-permission.tsx
, after the user selects a project, database, and permission, we filter the roles with the given permission:
condition
field for fine-grained access control. For example:
SQL Editor User
role only for the hr_test
database in test-sample-instance
.
parseCelExpression
function:
parseCelExpression
, adapted from Bytebase’s CEL plugin and cel.ts, parses the condition expression string. It is primarily based on the convertFromCELString
function in cel.ts, though you could use convertFromExpr
to create your own. The function returns an array of database resources with their associated expiration times. This function and related CEL parsing logic are implemented in a custom plugins/cel
folder within the demo project.
members
array may include both users and groups. To handle groups, use the v1/groups API:
page.tsx
.
user-fetch-db-permission.tsx
, filter roles based on the selected permission: