When you have a team of developers, it is critical to restrict their access to only the data they need to do their job. This protects sensitive data and prevents unauthorized access.
Bytebase provides several powerful features to help you achieve this:
- You can restrict users to only view data in a specific environment.
- Developers can be required to obtain approval to access a specific table.
- You can mask sensitive data, such as salary.
- You can track who has accessed which data.
- You can add watermarks to your data to deter unauthorized copying.
This tutorial will walk you through how to use these features in Bytebase.
All are Enterprise Plan only features. However, you can start a 14-day trial of the Enterprise Plan with one click without providing additional information (no credit card required).
Make sure you have Docker installed, and if you don’t have important existing Bytebase data locally, you can start over from scratch by running `rm -rf ~/.bytebase/data`.
You’ll need two Bytebase accounts – one Owner and one Developer.
- Owner is the one who configures the settings.
- Developer is the one who should only see information based on the configuration.
- Make sure your docker daemon is running, and then start the Bytebase docker container by typing the following command in the terminal.
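```bash
# Set BYTEBASE_VERSION to the Bytebase image tag you want to run (placeholder).
# Bytebase listens on container port 8080, published on host port 5678.
docker run --init \
  --name bytebase \
  --restart always \
  --publish 5678:8080 \
  --volume ~/.bytebase/data:/var/opt/bytebase \
  bytebase/bytebase:"$BYTEBASE_VERSION" \
  --data /var/opt/bytebase \
  --port 8080
```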
Open `localhost:5678` in the browser. Register an admin account, which we’ll refer to as Owner. This account will be granted the `Workspace Owner` role. To keep it simple, we use this Owner instead of registering another DBA in this tutorial. Check Roles and Permissions (RBAC).
Click Start free trial at the bottom left. Click Start 14 days trial (no credit card required).
Click Instances on the top navigation bar. You can see there are two instances. Click them one by one, and turn on Assign License for both. You may check Manage License for more details.
Log in as Developer and go into SQL Editor again. Now you can see database under
`SELECT * FROM salary;` and run, and you can see the result. Change `salary` to any other table and run, and you can see data as well.
In practice, developers can access any database on the `Test` environment, but they need to obtain permission to access the `Prod` environment. In this step, we'll show you how to implement this.
Log in as Owner, and go to Settings > Custom Approval. Scroll down to Request Query, and choose `Workspace Owner` as Approval flow.
Log in as Owner, go to this issue and click Approve.
`SELECT * FROM employee;` and run, it'll show permission denied. You can click Request Query to request permission.
- Log in as Owner, and go to `Sample Project`. Click Members and then Grant Access. Choose `Developer` and assign the role `All` for Databases. Click Confirm.
- Log in as Developer, and go to SQL Editor. You can see all databases under
`SELECT * FROM employee;` and run, you can see the result. Change `employee` to any other table and run, and you can see data as well.

## Data Access Control - Export Data

Export Data is similar to Query Data. Developers can skip approvals, request approvals to export data, or be granted the `Exporter` role directly by Owner.
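
The query and export access flow described above, sketched as a small deny-by-default model with an audit trail. This is an added illustration, not Bytebase's code: the class, the `NO_APPROVAL` policy, the user names and the database names are constructed assumptions, and the model assumes export needs its own grant separate from query.

```python
from dataclasses import dataclass, field

# Constructed policy: (action, environment) pairs that need no approval.
NO_APPROVAL = {("query", "Test")}
APPROVER_ROLE = "Workspace Owner"  # approval flow chosen for Request Query


@dataclass
class AccessModel:
    roles: dict                                   # user -> workspace role
    grants: set = field(default_factory=set)      # (user, action, env, database)
    pending: list = field(default_factory=list)   # requests awaiting approval
    audit: list = field(default_factory=list)     # every decision, allowed or not

    def request(self, user, action, env, database):
        """Developer asks for access; returns the request (issue) id."""
        self.pending.append((user, action, env, database))
        return len(self.pending) - 1

    def grant(self, approver, user, action, env, database):
        """Direct grant, allowed only for the approver role."""
        if self.roles.get(approver) != APPROVER_ROLE:
            raise PermissionError(f"{approver} may not grant access")
        self.grants.add((user, action, env, database))

    def approve(self, approver, request_id):
        """Approving a pending request turns it into a grant."""
        self.grant(approver, *self.pending[request_id])

    def check(self, user, action, env, database, statement):
        """Deny by default, and record who ran what against which database."""
        allowed = ((action, env) in NO_APPROVAL
                   or (user, action, env, database) in self.grants)
        self.audit.append((user, action, env, database, statement, allowed))
        return allowed


def demo():
    """Replay the tutorial's flow with constructed users and database names."""
    m = AccessModel({"owner@example.com": APPROVER_ROLE, "dev@example.com": "Developer"})
    dev, sql = "dev@example.com", "SELECT * FROM employee;"
    results = [m.check(dev, "query", "Test", "db_test", sql),   # open environment
               m.check(dev, "query", "Prod", "db_prod", sql)]   # no grant yet
    m.approve("owner@example.com", m.request(dev, "query", "Prod", "db_prod"))
    results.append(m.check(dev, "query", "Prod", "db_prod", sql))   # approved
    results.append(m.check(dev, "export", "Prod", "db_prod", sql))  # export not granted
    m.grant("owner@example.com", dev, "export", "Prod", "db_prod")
    results.append(m.check(dev, "export", "Prod", "db_prod", sql))  # granted directly
    return results, m.audit
```

Denied attempts are written to the audit list as well as allowed ones, so a rejected `Prod` query is still visible to whoever reviews access.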
- Log in as Developer, and go to SQL Editor. Select
`SELECT * FROM salary;` and run, you can see all the information. We want to mask the
With Bytebase, you have now tried out the basic management of data access for developers. If you want to know more about database change as well, you can check DevOps: Database Change Management with PostgreSQL.