Database Access

You can connect to a remote database application through a client, such as DBeaver and HeidiSQL.

Note - For a persistent connection with the database application, set the Keep-Alive timer in the client to 30 seconds.

For example, Keep-Alive setting in the DBeaver client.

 

Types of database access:

  • Transparent

  • Managed

Transparent Database Access

Transparent database access is supported for:

  • PostgreSQL

  • MySQL

  • MongoDB

  • MsSQL

  • ElasticSearch

  • Oracle

This access type works as a seamless tunnel in the background, and is fully transparent for the end-user.

When you select one of the supported database access in the user portal, copy and save the details of Username, SSH host and Private key from the popup.

Note - For MSSQL access with Microsoft clients (SQL Server Management Studio): Run SSH command to open a SSH tunnel:

One-time Client Setup

  1. Navigate to Portal > User setting > Download SSH key. Select the format (.PPK or .PEM) based on your operating system.

  2. Copy and save the key and run this command:

    chmod KEY-PATH

  3. In your database client, select the option to tunnel the data over SSH.

  4. Enter the saved details from your earlier step, when you selected database access in your user portal:

    • Username

    • SSH host

    • Private key

  5. Enter your Database username and password to continue.

Managed Database Access

Managed Database access is currently supported for: PostgreSQL, MySQL (see MySQL Access Parameters ).

This type of access provides several dominant benefits:

  1. Passwordless Access: Users connect to the database with a temporary, Application Access-issued token and are never exposed to the end-server password.
  2. Role-Based Access Controls: Administrators can easily determine the access type of users to each database: Admin, Editor, Read-Only.
  3. Full Visibility: Administrators get a full audit trail of every performed command and query.

Passwordless Access

Users can connect to database servers with a temporary password provided in the portal. Application Access supports user native connectivity to database servers through any client.

To connect through the command-line client:

  1. Open the command line window in your terminal.

  2. Paste the provided command. Make sure you enter your selected database name.

  3. When prompted, enter the provided password.

To connect through a generic database client:

Enter the provided information in the fields and click Connect.

Conditional Role-Based Access by Profile

User access is limited to the access profile assigned by the system administrator:

  • Owner: all statements
  • Editor: SELECT, UPDATE, SET, DELETE, INSERT
  • Viewer: SELECT

Users can have different access profiles to different databases within the same server. For example, the user with Viewer profile cannot perform update or save changes, as this access is restricted for Editor and Owner.

Full Visibility

The Activity Log provides Administrators with full visibility on every query performed by the user.