Access Control

Overview

The Access Control page allows administrators to directly assign database access privileges to users or groups.

Viewing Access Control List

The Access Control page provides an overview of the database privileges (Privileges) and admin roles assigned to each user or group registered in QueryPie. (You can search by group or user name.)

Viewing Access Control Details for Users/Groups

To view a user or group, click on it in the table on the Access Control page to open a drawer.

• Search : You can search by Connection Name.

• Available Filters:

  • Database Type: Filter by DB type (e.g., MySQL, MariaDB, PostgreSQL).

  • Cloud Provider: Filter by cloud provider type (AWS, Azure, GCP, or QueryPie Connection).

  • Assigned Status: Filter based on whether privileges are assigned.

  • Favorite View: Filter by whether the connection is marked as a favorite (favorites can be set in the DB Connections list).

  • Tag: Filter by tags assigned to the connection.

    • How to Enter Tags: Input Key → press Enter → input Operator → input Value → press Enter.

      • Supported operators: =, !=, :, !:

    • If multiple tags with the same key are entered, an OR search is performed (union).

    • If multiple tags with different keys are entered, an AND search is performed (intersection).

Granting Access Control Privileges

1. Navigate to the Access Control menu from the Database Settings menu.

2. Select a user or group from the list to access the details page.

3. Find the connection to grant permissions for, select the checkbox, and choose a Privilege Type.

4. You can also select multiple connections to grant permissions in bulk.

5. In the Expiration Date field at the bottom, set a permission expiration date. If unset, the permissions will be granted without an expiration date.

Users who are granted permissions can now access the connection with the assigned privileges. The permission grant history will be logged as Access Control Granted in the Access Control Logs.

6. In the Access Control menu, select the user or group to assign privileges and move to the detail panel.

7. Find the connection to which you want to assign privileges and select the Assigned Privilege.

8. You can assign privileges to multiple connections simultaneously by selecting them together.

Once privileges are assigned, the user can connect to the connection with those privileges, and the assignment will be recorded in the Access Control Logs as Access Control Granted.

What happens if both a group and a user within the group are assigned different privileges for the same connection?

If a user is granted multiple privileges through both individual user permissions and group permissions, they can select a Default Privilege when connecting to the connection.

Revoking Access Control Privileges

1. Navigate to the Access Control menu from the Database Settings menu.

2. Select a user or group from the list to access the details page.

3. Find the connection for which you want to revoke permissions, select the checkbox, and click the Revoke button to remove the permissions.

4. You can also select multiple connections to revoke permissions in bulk.

Once permissions are revoked, the user will no longer be able to access the connection. The revocation history will be logged as Access Control Revoked in the Access Control Logs.

Status Descriptions in the Access Control Details Panel

• Active: The user has been granted valid permissions for the connection.

• Deactivated: The user has permissions for the connection but has not accessed it within the administrator-specified period, resulting in temporary deactivation. In this state, the user cannot access the connection.

• Use the Renew button next to the Deactivated status to renew and reactivate the deactivated permissions.

• When permissions are renewed, the Renewed At column will display the renewal timestamp.

Detailed Explanation of the Access Control Details Panel

• The Granted At column displays the timestamp when the permission was first granted.

• The Last Access At column shows the last time the user accessed the connection with the granted permission.

• The Expiration Date column indicates when the permission will be revoked.

If a permission has been granted but the Expiration Date column is empty, the permission will not be revoked. However, the management of the connection's permissions is subject to the Deactivation Period settings, which handle long-term inactivity.

Unlocking a Locked Connection Account

1. If a database connection is locked due to exceeding the maximum login failure attempts set by the database connection security policy, it can be viewed in the Locked Account menu.

2. The number of failed login attempts and the lock timestamp are displayed.

3. To unlock a connection, select the desired item and click Unlock on the right.

4. Navigate to the Audit > Databases > Account Lock History menu to view the connection lock and unlock history.