# Database Access Control

Source: https://www.bytebase.com/database-access-control/

---

## Database access, without the chaos

Govern how users query, view, and export database data with centralized access control, approvals, and built-in data protection.

## How database access is requested, approved, and enforced

### Request, Review & Approve: Request access with least privilege and time-bound controls

Developers request database access directly in Bytebase—defining what they need, where, and for how long.

- **Just-in-Time (JIT) access**: Grant time-bound access that expires automatically
- **Granular permissions**: Control access by role, environment, project, and database
- **Workspace & project-level access**: Assign custom roles across workspaces and projects

### Data Masking: Approve through policy-driven workflows

Ensure the right access is approved by the right people—before any data is exposed.

- **Review results**: See errors, warnings, and passed checks clearly
- **Configurable review policies**: Define rules that match your team's requirements
- **Custom approvals**: Route changes to the right approvers automatically

### Query & Access: Query data safely through a governed interface

Users access databases through Bytebase with built-in safeguards for sensitive data.

- **SQL editor**: Query databases from a secure, centralized editor
- **Dynamic data masking**: Mask sensitive columns based on access policy
- **Export**: Export query results only when explicitly permitted
- **AI assistant**: Write correct, efficient SQL faster with built-in assistance

## Clear roles, shared controls, and predictable workflows

| Role                    | Capability                           | Benefit                                                    |
| ----------------------- | ------------------------------------ | ---------------------------------------------------------- |
| Developers              | Get access without waiting           | Request self-service access without chasing credentials.   |
| Developers              | Debug safely in production           | Query real data without exposing sensitive fields.         |
| Developers              | Work from one interface              | Access multiple databases through a single, secure editor. |
| Security Engineers      | Enforce least privilege by default   | Access is scoped, time-bound, and policy-driven.           |
| Security Engineers      | Protect sensitive data automatically | Dynamic masking prevents exposure of PII and PHI.          |
| Security Engineers      | Maintain full auditability           | Every access request and query is logged and attributable. |
| Database Administrators | Eliminate shared credentials         | Remove passwords, admin accounts, and shadow access.       |
| Database Administrators | Centralize access management         | Define and manage permissions across all databases.        |
| Database Administrators | Reduce operational risk              | Control access without becoming a manual gatekeeper.       |

## Whitepaper

- [Just-in-Time Database Access: Best Practices for Enterprises](https://www.bytebase.com/whitepaper/just-in-time-database-access)

## Get Started

- [Contact us](https://www.bytebase.com/contact-us/)
- [Start now (cloud)](https://console.bytebase.com)
