Database Permission
Bytebase is a middleware sitting between users and databases. It provides a fine-grained database permissions. Bytebase enforces database permissions via change approval flow and SQL Editor. You can use Bytebase to manage persistent database permissions as well as implement Just-in-Time (JIT) database access workflow.
Database permission controls individual users' or groups' actions within the database. Below shows the built-in roles' database permissions.
Role | EXPLAIN | Query | Export | Mutation DML | DDL | Admin |
---|---|---|---|---|---|---|
Workspace Admin | â | â | â | â | â | â |
Workspace DBA | â | â | â | â | â | â |
Project Owner | â | â | â | â | â | |
Project Developer | * | * | ||||
Project Querier | â | â | â | â | ||
Project Exporter | â | |||||
Project Releaser | ||||||
Project Viewer |
* Project Developers can't execute DML and DDL directly in SQL Editor. On the other hand, they can request DML/DDL change by creating an issue.
You can also pick out specific permissions to build custom roles. e.g. create a custom role that grants only the EXPLAIN permission.
Access Level | Operation | Permission |
---|---|---|
Read | EXPLAIN | sql.explain |
Query | sql.select | |
Export | sql.export | |
Write (subject to execution mode) | Mutation DML | sql.dml |
DDL | sql.ddl | |
Admin | Admin | sql.admin |
Request change for review | Create Issue | issues.create |