You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
-`SQL Editor User` (formerly `Project Querier`) - Query in SQL Editor; export results directly from the Editor
35
34
-`Project Viewer` - Read-only access
36
35
37
36
#### Custom Roles
@@ -130,23 +129,22 @@ By default, the first registered user is granted the `Admin` role, all following
130
129
131
130
Any user can create project. By default, the project creator is granted the `Project Owner` role. `Workspace DBA` and `Workspace Admin` assume the `Project Owner` role for all projects.
Bytebase does not define database specific roles. Whether a user can perform certain action to the database is based on the user's Workspace role and the role of the project owning the database.
\*`Project Owner` can change issue status when the current active [Environment Rollout Policy](/change-database/environment-policy/rollout-policy) is set to **Require manual rolling out**.
-**Restrict data copying in SQL Editor**: Only Workspace Admins and DBAs can copy data from query results
46
42
-**Restrict querying admin data sources**: Limit access to administrative data sources in the SQL Editor
47
43
48
-
## Statement execution mode
44
+
## Statement execution
49
45
50
-
Even if you have `sql.dml` and `sql.ddl`[database permissions](/security/database-permission/overview/), you can only run read-only statements such as `SELECT`in SQL Editor by default. If you attempt to run mutation DML or DDL, it will prompt you to submit an issue.
46
+
By default, users with **SQL Editor User** role or `sql.dml` and `sql.ddl`[database permissions](/security/database-permission/overview/)can execute DDL and DML statements directly in SQL Editor. To restrict statement execution to SELECT-only queries and require users to create issues for data modifications, turn on the following **statement execution** settings (**Default**: `off`/`off`):
Copy file name to clipboardExpand all lines: mintlify/changelog/bytebase-3-11-0.mdx
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,11 +11,11 @@ import InstallUpgrade from '/snippets/install/install-upgrade.mdx';
11
11
12
12
-**Environment rollout policy update**
13
13
-**Issue Creators** and **Last Issue Approvers** can no longer roll out issues. Manual rollouts now require specifying workspace/project roles or users with the `bb.taskRuns.create` permission.
14
-
- The force rollout mechanism has been replaced by configurable rollout requirements:
14
+
- The force rollout mechanism has been replaced by [configurable rollout requirements](/change-database/environment-policy/rollout-policy#configurable-rollout-requirements):
15
15
-**Require Issue Approval** – ensures issues must be approved before rollout can proceed (default: enabled).
16
16
-**Plan Check Enforcement** – controls rollout behavior based on plan check results (default: block on errors only).
17
17
18
-
- Deprecate `bb.sql.export` permission and `roles/projectExporter` role.
18
+
- Deprecate `bb.sql.export` permission and `roles/projectExporter` role. It’s merged into `SQL Editor User` role, which now can export directly in SQL Editor; Developer can still create Export issue as before.
19
19
- Deprecate `request.row_limit` in the project IAM policy. Use `maximum_result_rows` in `QueryDataPolicy` instead.
Copy file name to clipboardExpand all lines: mintlify/onboarding/sql-editor-data-access-control.mdx
+1-6Lines changed: 1 addition & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -43,15 +43,10 @@ the project.
43
43
44
44
<Tip>
45
45
46
-
`SQL Editor User` is a built-in role that allows users to run `EXPLAIN` and `SELECT`. If you want to allow users
47
-
to run `EXPLAIN` only, you can create a [custom role](/administration/roles) with `bb.sql.explain` permission.
46
+
`SQL Editor User` is a built-in role that allows users to run `EXPLAIN`, `SELECT` and export data. If you want to allow users to run `EXPLAIN` only, you can create a [custom role](/administration/roles) with `bb.sql.explain` permission.
Copy file name to clipboardExpand all lines: mintlify/security/database-permission/export.mdx
+9-16Lines changed: 9 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,28 +1,21 @@
1
1
---
2
-
title: One-Time Export
2
+
title: Export Data
3
3
---
4
4
5
-
Except for requesting or being assigned `Project Exporter` role to export data repeatedly, you can also request a one-time export in **Export Center**.
5
+
There are two ways to export data:
6
6
7
-
## One-time Export Request
8
-
9
-
Approval flow matches the `Export Data` in [custom approval](/change-database/approval/) if configured.
7
+
- As **SQL Editor User**, you can export directly from SQL Editor.
8
+
- As **Project Developer**, you can request a one-time export in **Export Center**.
10
9
11
-
### Request from SQL Editor
10
+
##Export directly from SQL Editor
12
11
13
-
Data can be exported directly from the SQL Editor result panel if you have the export permission for the data.
12
+
As **SQL Editor User**, after you run a query, you can export the result by clicking **Export** button. The exported data still respects the masking policy to mask exported columns.
As **Project Developer**, you can request a one-time export in **Export Center**. Approval flow matches the `Export Data` in [custom approval](/change-database/approval/) if configured.
26
19
27
20
Enter **Export Center** within a project, where you **Request Export**, select a database and click **Next**.
28
21
@@ -32,7 +25,7 @@ You'll be creating an issue. Enable **Encrypt** and set **Password** if needed,
0 commit comments