Role-based Access Control

Requires DBmarlin 4.8.0 or above.

About RBAC

Role-based Access Control, commonly known as RBAC, lets you control what level of access a user has within DBmarlin.

There are two types of users:

  • Admin users - can see all databases and do all operations within DBmarlin
  • Regular non-admin users - by default have no access to databases and must be granted access by an admin user. Regular users cannot carry out user administration (although they can view a list of all users).

Prerequisites

RBAC requires that Authentication is enabled.

Granting access to a regular non-admin user

Granting access can only be done by an admin user. You should always have at least one admin user. If needed you can create an admin user or grant admin access to an existing user by running the dbmarlin-add-user script on the DBmarlin server.

Once logged in as a DBmarlin admin user, you can see Settings -> Logins, which allows you to grant access to other users.

Tag-based access control

Access control is tag-based, meaning that the admin user needs to tag the instances and then grant a user access to all instances which match a tag filter pattern. You may use existing tags or create new tags specifically for access control.

Here are some worked examples:

  1. If you tagged your instances by Env with tag values of Test/Prod/Staging:
    1. You could grant a user access to tags Env=Test, which would allow access to only those instances matching Env=Test.
    2. Or, you could grant a user access to see instances matching Env=Test, Env=Staging, which would allow access to those instances matching Env=Test OR Env=Staging.
  2. If you tagged your instances by App with tag values of Website/Finance/Cognos:
    1. You could grant a user access to tags App=Website, which would allow access to only those instances matching App=Website.
    2. Or, you could grant a user access to see instances matching App=Website, App=Finance, which would allow access to those instances matching App=Website OR App=Finance.
  3. If instances had both Env and App tags then you can combine the tags.
    Combining tags

    Note that when combining tag filters, values within the same tag name are ORed together, but filters across different tag names are ANDed together.

    1. You could grant a user access to tags Env=Test, App=Website, which would only match instances which have both of these tags set: Env=Test AND App=Website.
    2. Or you could grant access to see Env=Test, Env=Staging, App=Finance, which would only match instances which have either (Env=Test AND App=Finance) OR (Env=Staging AND App=Finance).
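
The OR-within-a-name, AND-across-names rule above can be modelled in a few lines to check what a filter would expose before you grant it. This is an added example, not DBmarlin's own code: the function names, the inventory, and the assumption that each instance carries one value per tag name are hypothetical.

```python
from collections import defaultdict

def parse_filter(spec):
    """Parse 'Env=Test, App=Finance' into {tag name: set of allowed values}."""
    grants = defaultdict(set)
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        name, sep, value = item.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not name or not value:
            # Fail closed: a malformed entry must not silently widen access.
            raise ValueError(f"malformed tag filter entry: {item!r}")
        grants[name].add(value)
    return dict(grants)

def is_visible(instance_tags, grants):
    """OR within one tag name, AND across different tag names."""
    if not grants:
        return False  # no grant, no access (the page's default for regular users)
    # An instance that lacks a tag named in the filter does not match.
    return all(instance_tags.get(name) in allowed
               for name, allowed in grants.items())

def visible_instances(inventory, spec):
    """Return the sorted names of instances a filter would expose."""
    grants = parse_filter(spec)
    return sorted(n for n, tags in inventory.items() if is_visible(tags, grants))

# Constructed inventory: instance names and tag assignments are made up.
INVENTORY = {
    "web-test": {"Env": "Test", "App": "Website"},
    "web-prod": {"Env": "Prod", "App": "Website"},
    "fin-test": {"Env": "Test", "App": "Finance"},
    "fin-staging": {"Env": "Staging", "App": "Finance"},
    "fin-prod": {"Env": "Prod", "App": "Finance"},
    "untagged": {},
}

if __name__ == "__main__":
    for spec in ("Env=Test", "Env=Test, Env=Staging", "Env=Test, App=Website",
                 "Env=Test, Env=Staging, App=Finance", ""):
        print(f"{spec!r:40} -> {visible_instances(INVENTORY, spec)}")
```

Running a proposed filter against an export of your real tags shows which instances it would expose, and in this model an instance missing a filtered tag is never included.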