Roles and Permissions
Bytebase has two disjoint sets of roles:
- Workspace roles:
- Project roles:
Workspace roles and project roles are disjoint, which means a Workspace Owner does not automatically assume the Project Owner role. One must be granted a separate Project Owner role in order to obtain project-specific permissions.
There is one exception, a break-glass rule: the Workspace Owner can also manage project roles. You may wonder whether this defeats the purpose of having disjoint workspace and project roles. We designed it this way because, most of the time, the Workspace Owner does not need to deal with any particular project, so it's prudent to limit the permissions to prevent mistakes. On the other hand, a project may need emergency admin operations while all existing Project Owners are unavailable; in that case the Workspace Owner can step in.
By default, the first registered user is granted the
Owner role, all following registered users are granted
Owner can update any user's role later.
| Workspace level permission | Developer | DBA | Owner |
| --- | --- | --- | --- |
| Change own name and password | ✔️ | ✔️ | ✔️ |
| View all members | ✔️ | ✔️ | ✔️ |
| View all environments | ✔️ | ✔️ | ✔️ |
| View all instances | ✔️ | ✔️ | ✔️ |
| View all databases | ✔️ | ✔️ | ✔️ |
| View all projects | ✔️ | ✔️ | ✔️ |
| View all issues | ✔️ | ✔️ | ✔️ |
| Add comment to all issues | ✔️ | ✔️ | ✔️ |
| Subscribe to all issues | ✔️ | ✔️ | ✔️ |
| Sync instance schema | | ✔️ | ✔️ |
| Become issue assignee | | ✔️ | ✔️ |
| Add new user | | | ✔️ |
| Change any user's role | | | ✔️ |
| Change any user's name and password | | | ✔️ |
| Edit external SQL console | | | ✔️ |
| Manage version control system (VCS) provider | | | ✔️ |
Any user can create a project. By default, the project creator is granted the Project Owner role.
Project Developer does not have any additional project-level permissions. The role exists so that the sidebar can list the projects where the user is a member, as well as the databases belonging to those projects.
| Project level permission | Project Developer | Project Owner | Workspace Owner |
| --- | --- | --- | --- |
| Change any user's project role | | ✔️ | ✔️ |
| Configure UI/Version control workflow | | ✔️ | |
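
The check described above, as an added Go example that is not Bytebase's code: project permissions are decided from the project role alone, and the workspace role is consulted only for the break-glass action. The action names, the `Grant` type and `Authorize` are assumptions made for illustration.

```go
package main

import "fmt"

// Grant records which path allowed an action, so break-glass use can be
// logged separately from routine grants. Names here are illustrative only.
type Grant string

const (
	Denied        Grant = "denied"
	ViaProject    Grant = "project-role"
	ViaBreakGlass Grant = "break-glass"
)

type User struct {
	Workspace string            // "Owner", "DBA" or "Developer"
	Projects  map[string]string // project ID -> project role
}

// Project-level permissions keyed by project role, following the
// project-level permission table. Project Developer has none.
var projectPerms = map[string]map[string]bool{
	"Project Owner":     {"change-project-role": true, "configure-workflow": true},
	"Project Developer": {},
}

// Authorize evaluates the project role first. The workspace role is consulted
// only for the single break-glass action, so a Workspace Owner gains no other
// project permission without an explicit Project Owner grant.
func Authorize(u User, project, action string) Grant {
	if projectPerms[u.Projects[project]][action] {
		return ViaProject
	}
	if u.Workspace == "Owner" && action == "change-project-role" {
		return ViaBreakGlass
	}
	return Denied
}

func main() {
	// Constructed sample users.
	admin := User{Workspace: "Owner", Projects: map[string]string{}}
	lead := User{Workspace: "Developer", Projects: map[string]string{"p1": "Project Owner"}}

	fmt.Println("admin configure-workflow:", Authorize(admin, "p1", "configure-workflow"))
	fmt.Println("admin change-project-role:", Authorize(admin, "p1", "change-project-role"))
	fmt.Println("lead change-project-role:", Authorize(lead, "p1", "change-project-role"))
}
```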
Bytebase does not define database-specific roles. Whether a user can perform a certain action on a database depends on the user's Workspace role and the user's role in the project that owns the database.
|Database level permission||Project Developer||Project Owner||Workspace Developer||Workspace DBA||Workspace Owner|
|Take manual backup||✔️||✔️||✔️||✔️|