Skip to main content
Skip table of contents

Grant and Revoke Access Control

Overview

Administrators have the capability to directly grant database access to individual users or groups.

Grant Access Control Permissions

Database Settings > DB Access Control > Access Control > Details

  1. From the Database Settings menu, navigate to DB Access Control > Access Control menu.

  2. Select the specific user or group from the list to access its details panel.

  3. Locate the desired connection for which you want to grant privileges and select Assigned Privilege.

  4. You can either grant privileges individually or in bulk by selecting multiple connections.

Once the permissions are granted, the authorized user or group can access the connection with the specified privileges. Additionally, all authorization activities are logged in the Access Control Logs, including entries for Access Control Granted.

Q. If a user is included in a group, what happens if I apply different permissions to the same connection for the group and the user?

A. An access control policy is enforced by the sum of the permissions granted to the user and the permissions granted to the group. For example, if a user is granted SELECT permission and the group to which the user belongs is granted Full Control, the user has Full Control.

Revoke Access Control Permissions

Database Settings > DB Access Control > Access Control > Details

  1. From the Database Settings menu, navigate to DB Access Control > Access Control menu.

  2. Select the specific user or group from the list to access its details panel.

  3. Locate the desired connection for which you want to grant privileges and select “None” under Assigned Privilege.

  4. You can either revoke privileges individually or in bulk by selecting multiple connections.

The user whose permissions have been revoked will no longer be able to access that connection, and the revoked permissions will be recorded in the Access Control Logs as an "Access Control Revoked" entry.

Status descriptions in the Access Control Details panel

  • Active: The user is properly authorized for the connection.

  • Deactivated: The user is authorized for the connection, but has been deactivated if they have not accessed the connection for a period of time set by the administrator. In this case, the user is temporarily inaccessible to the connection.

  • Expired: The user's permissions have reached their expiration date and have been revoked.

  • You can reactivate a deactivated permission by renewing it via the Renew button to the right of the Deactivated status.

  • If you renewed a deactivated permission, the “Renewed At” column shows when it was renewed.

    If the permission does not exist, nothing is displayed.

Description of the Access Control Details panel

  • The "Granted At" column displays the first time the permission was granted.

  • In the "Last Access At" column, you can find the latest access time of the user who was granted the permission.

  • The "Expiration Date" column indicates when the permission was revoked.

  • If a permission is granted with no expiration date specified, it will not be automatically revoked. However, the connection's Deactivation Period setting affects the basic management of that permission.

Related Topics

 

Back to DB Access Control

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close