Access to Resources

Last modified on September 23, 2022

Access to resources (i.e., Datasources, Servers, Clusters, Clouds, and Websites) is granted to Users through Role Membership, via the Static and Dynamic Access Rules that have been defined for that Role. Roles are assigned to or unassigned from User accounts and Service Accounts in either the Admin UI or CLI.

All permanent User access privileges are inherited via Roles. The only way to grant access directly to Users is with Temporary Access.

Temporary Access

Occasionally it might be necessary to grant temporary or “time-boxed” access. These types of grants occur at the User level, rather than Role level.

Example: Alice needs 30 minutes of read-only access to the production redis replica to diagnose a customer issue. Bob grants temporary access for Alice, which closes any active connections automatically the moment the grant expires. Alternatively, Bob may also revoke that access manually before 30 minutes expires.

Revoke Access

Access is revoked by simply unassigning Role(s) from User accounts and Service accounts in either the Admin UI or CLI.