Credential Leasing

Users in the strongDM system may be granted access to a Datasource or Server either through a Role or outside of one.

From the perspective of a Datasource or Server, access is conducted via the Leased Credential.

Example: When Bob connects to a MySQL instance, executing SHOW PROCESSLIST lists the connection within that instance as originating from leased-credential and the IP of the gateway or relay closest to that MySQL instance. Within strongDM, any logged queries are attributed to Bob.
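An added example, not strongDM code: because the database sees only the shared leased account and a gateway address, attributing a session to a person (and spotting use of the leased credential outside the gateway) means joining database-side events to the proxy-side query log. The record fields, addresses and log contents below are constructed assumptions, not strongDM's log schema.

```python
from datetime import datetime, timedelta

LEASED_ACCOUNT = "leased-credential"   # account name the database sees
GATEWAY_IPS = {"10.0.5.10"}            # constructed gateway/relay address

# Constructed proxy-side records (hypothetical fields): the real user per query.
PROXY_LOG = [
    {"ts": "2024-05-01T12:00:03", "user": "bob", "gateway": "10.0.5.10", "query": "SELECT * FROM orders"},
    {"ts": "2024-05-01T12:04:10", "user": "alice", "gateway": "10.0.5.10", "query": "SHOW PROCESSLIST"},
]
# Constructed database-side records: only the shared account and source host.
DB_AUDIT = [
    {"ts": "2024-05-01T12:00:04", "db_user": LEASED_ACCOUNT, "host": "10.0.5.10", "query": "SELECT * FROM orders"},
    {"ts": "2024-05-01T12:04:10", "db_user": LEASED_ACCOUNT, "host": "10.0.5.10", "query": "SHOW PROCESSLIST"},
    {"ts": "2024-05-01T12:09:00", "db_user": LEASED_ACCOUNT, "host": "10.0.9.77", "query": "SELECT * FROM users"},
    {"ts": "2024-05-01T12:15:00", "db_user": LEASED_ACCOUNT, "host": "10.0.5.10", "query": "DROP TABLE orders"},
]

def attribute(db_audit, proxy_log, skew=timedelta(seconds=5)):
    """Return (db_timestamp, verdict) for each event run as the leased account."""
    used, out = set(), []
    for ev in db_audit:
        if ev["db_user"] != LEASED_ACCOUNT:
            continue  # not a leased session, out of scope here
        if ev["host"] not in GATEWAY_IPS:
            # The leased credential should only ever arrive from a gateway or relay.
            out.append((ev["ts"], "NON_GATEWAY_SOURCE"))
            continue
        t = datetime.fromisoformat(ev["ts"])
        verdict = "NO_PROXY_RECORD"  # came via a gateway, but nothing was logged for it
        for i, p in enumerate(proxy_log):
            near = abs(datetime.fromisoformat(p["ts"]) - t) <= skew
            if i not in used and near and p["gateway"] == ev["host"] and p["query"] == ev["query"]:
                used.add(i)          # each proxy record explains one database event
                verdict = p["user"]
                break
        out.append((ev["ts"], verdict))
    return out

if __name__ == "__main__":
    for ts, verdict in attribute(DB_AUDIT, PROXY_LOG):
        print(ts, verdict)
```

The two non-user verdicts are the ones worth alerting on: the leased account arriving from a host that is not a gateway or relay, and a gateway-sourced statement with no matching proxy record.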

```mermaid
graph TD;
    U(User) -->|belongs to| R;
    R(Role) -->|leases| A;
    R(Role) -->|leases| B;
    R(Role) -->|leases| C;
    A(superuser) --> D[DB];
    B(read-only) --> D[DB];
    C(restricted) --> D[DB];
```