Grant database access on request, expire it automatically

Just-in-time database access grants a user the database privileges they need only when they need them, for a bounded window, and revokes them automatically when the window closes. Instead of standing accounts that accumulate permissions, access is requested per task, approved, scoped to least privilege, time-boxed, and fully logged.

Standing access is granted once and persists indefinitely — it's the credential that's still active months after the task that needed it. JIT access flips that default: nothing is standing. Access is issued on request for a specific scope and duration and expires on its own, so the access surface at any moment is only what's actively in use.

A developer requests access to a specific database in-product, with a reason and a duration. An approver — a peer, a DBA, or an automated policy — grants it; high-risk targets route to a human while routine ones can auto-approve. Access unlocks for the requested window, every query is logged, and it revokes automatically when the window ends.

Yes. A JIT grant doesn't bypass the rest of governance. Dynamic data masking still redacts sensitive columns, SQL review still runs on changes, and every action stays in the audit log — so on-demand access is still least-privilege and accountable, not a temporary superuser.

Bytebase applies the same request, approval, scoping, and expiry model across PostgreSQL, MySQL, SQL Server, Oracle, and 20+ engines — one access workflow regardless of which database the grant is for.

Yes. Bytebase runs in your own infrastructure as a single Docker image, so your data and database credentials never leave your network, and it's open-source.