Role-Based Access Control
Granular permission management and access control for your database infrastructure
Overview
DB24x7's Role-Based Access Control (RBAC) system provides fine-grained control over who can access what resources and perform which actions. This ensures that users have the minimum necessary permissions to perform their tasks, following the principle of least privilege.
Hierarchical Roles
Pre-defined and custom role hierarchy
Granular Permissions
Control access at resource level
Team Management
Organize users into teams with shared access
Pre-defined Roles
DB24x7 comes with three built-in roles that cover most common use cases. These roles cannot be deleted but can be used as templates for custom roles.
Administrator
Full system access and control
Permissions
Use with caution: This role has unrestricted access. Assign only to trusted users who need full control.
Analyst
Query and analyze data with limited modifications
Permissions
Restrictions
Viewer
Read-only access for monitoring and reporting
Permissions
Restrictions
Custom Role Creation
Create custom roles tailored to your organization's specific needs. Custom roles allow you to combine permissions in ways that match your team structure and workflows.
Enterprise Feature
Custom role creation is available on Enterprise plans. Contact sales to upgrade your plan.
Creating a Custom Role
- Navigate to Settings > Organization > Roles & Permissions
- Click "Create Custom Role"
- Provide a name and description for the role
- Select base role to inherit permissions (optional)
- Configure specific permissions using the permission builder
- Set database-level access controls
- Review and save the custom role
Permission Categories
Database Operations
- Connect to databases
- Execute SELECT queries
- Execute INSERT/UPDATE/DELETE queries
- Modify schema (DDL operations)
- Manage indexes and constraints
Monitoring & Analytics
- View performance metrics
- Create and edit dashboards
- Configure alerts
- Access query analytics
- Export reports
Administrative
- Manage users and teams
- Configure roles and permissions
- Access audit logs
- Manage integrations
- Billing and subscription settings
API & Automation
- Generate API keys
- Configure webhooks
- Manage scheduled tasks
- Access API endpoints
- Execute automation scripts
Permission Levels
Permissions in DB24x7 operate on a granular level, allowing precise control over user capabilities.
None
No access to the resource or action. Users cannot view or interact with this resource.
Read
View-only access. Users can see the resource but cannot make any modifications. Ideal for monitoring and reporting roles.
Write
Create and modify resources. Includes read permissions. Cannot delete resources or change critical settings.
Admin
Full control over the resource including create, read, update, delete, and configuration changes. Use sparingly.
Database-Level Access Control
Control access to specific databases, schemas, or even individual tables. This allows you to restrict sensitive data while providing broader access to other resources.
Access Control Hierarchy
Organization Level
Global permissions that apply across all databases in the organization.
Database Instance Level
Permissions specific to a database instance. Overrides organization-level defaults.
Schema Level
Control access to specific schemas within a database. Useful for multi-tenant setups.
Table Level (Enterprise)
Fine-grained control over individual tables. Restrict access to sensitive tables.
Configuring Database Access
- Navigate to the database in your database list
- Click Settings > Access Control
- Add users or roles to the access list
- Set permission level for each user/role (None, Read, Write, Admin)
- Save changes
Team Management
Organize users into teams for simplified permission management. Teams inherit role-based permissions and can have additional database-specific access.
Creating Teams
- Go to Settings > Organization > Teams
- Click "Create Team"
- Enter team name and description
- Assign a default role for team members
- Add members to the team
- Configure team-specific database access
Team Benefits
Simplified Management
Grant access to multiple users at once by adding them to a team
Consistency
Ensure all team members have consistent permissions and access
Onboarding
Quickly onboard new members by adding them to appropriate teams
Audit Trail
Track changes at the team level for better compliance
Permission Precedence
When a user is assigned both individual permissions and team permissions, the more permissive access level takes precedence. For example, if a user has Read access individually but their team has Write access, the user gets Write access.
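The precedence rule above, worked through as an added example for access reviews (not DB24x7 code or its API): grants are modeled as plain dictionaries, and the review lists every user whose team membership gives them a higher level than their individual assignment. User, team and database names are constructed, and treating a missing grant as None is an assumption.

```python
from enum import IntEnum

class Level(IntEnum):
    # Ordering follows the page: Write includes Read, Admin is full control.
    NONE = 0
    READ = 1
    WRITE = 2
    ADMIN = 3

def effective_level(user, database, individual, team_grants, memberships):
    """Most permissive of the user's own grant and every team grant."""
    own = individual.get((user, database), Level.NONE)  # assumption: missing = None
    from_teams = [team_grants.get((team, database), Level.NONE)
                  for team in memberships.get(user, ())]
    return max([own, *from_teams])

def review_escalations(individual, team_grants, memberships):
    """Return (user, database, own, effective, teams) where a team raises access."""
    databases = {db for _, db in individual} | {db for _, db in team_grants}
    findings = []
    for user in sorted(memberships):
        for db in sorted(databases):
            own = individual.get((user, db), Level.NONE)
            eff = effective_level(user, db, individual, team_grants, memberships)
            if eff > own:
                teams = sorted(t for t in memberships[user]
                               if team_grants.get((t, db), Level.NONE) == eff)
                findings.append((user, db, own.name, eff.name, teams))
    return findings

# Constructed sample data (hypothetical users, teams and database).
INDIVIDUAL = {
    ("alice", "orders-prod"): Level.READ,
    ("bob", "orders-prod"): Level.NONE,    # explicit None, meant as a restriction
    ("carol", "orders-prod"): Level.ADMIN,
}
TEAM_GRANTS = {
    ("data-eng", "orders-prod"): Level.WRITE,
    ("support", "orders-prod"): Level.READ,
}
MEMBERSHIPS = {"alice": ["data-eng"], "bob": ["data-eng", "support"],
               "carol": ["support"]}

if __name__ == "__main__":
    for user, db, own, eff, teams in review_escalations(
            INDIVIDUAL, TEAM_GRANTS, MEMBERSHIPS):
        print(f"{user} on {db}: individual={own} effective={eff} via {teams}")
```

Under the stated rule, bob's individual None does not act as a deny: membership in a team with Write still yields Write, so restricting a user on a sensitive database means checking their team grants as well.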
Best Practices
1. Principle of Least Privilege
Grant users the minimum permissions necessary to perform their job functions. Start with restrictive permissions and add more as needed.
2. Regular Access Reviews
Periodically review user permissions and team memberships. Remove access for users who have changed roles or left the organization.
3. Use Teams for Groups
Leverage teams instead of managing individual user permissions when multiple users need the same access. This simplifies management and reduces errors.
4. Separate Production Access
Restrict write access to production databases. Consider requiring approval workflows for production changes.
5. Document Custom Roles
Maintain clear documentation of custom roles and their intended use cases. This helps with onboarding and troubleshooting.