# Data Access Control

Source: https://www.bytebase.com/data-access-control/

---

## Database access, without the chaos

Govern how users query, view, and export database data with centralized access control, approvals, and built-in data protection.

## How database access is requested, approved, and enforced

### Request, Review & Approve: Request access with least privilege and time-bound controls

Developers request database access directly in Bytebase—defining what they need, where, and for how long.

- **Just-in-Time (JIT) access**: Grant time-bound access that expires automatically
- **Granular permissions**: Control access by role, environment, project, and database
- **Workspace & project-level access**: Assign custom roles across workspaces and projects

### Data Masking: Approve through policy-driven workflows

Ensure the right access is approved by the right people—before any data is exposed.

- **Review results**: See errors, warnings, and passed checks clearly
- **Configurable review policies**: Define rules that match your team's requirements
- **Custom approvals**: Route changes to the right approvers automatically

### Query & Access: Query data safely through a governed interface

Users access databases through Bytebase with built-in safeguards for sensitive data.

- **SQL editor**: Query databases from a secure, centralized editor
- **Dynamic data masking**: Mask sensitive columns based on access policy
- **Export**: Export query results only when explicitly permitted
- **AI assistant**: Write correct, efficient SQL faster with built-in assistance

## Clear roles, shared controls, and predictable workflows

### Developers — Get access without waiting

Request self-service access without chasing credentials.

### Developers — Debug safely in production

Query real data without exposing sensitive fields.

### Developers — Work from one interface

Access multiple databases through a single, secure editor.

### Security Engineers — Enforce least privilege by default

Access is scoped, time-bound, and policy-driven.

### Security Engineers — Protect sensitive data automatically

Dynamic masking prevents exposure of PII and PHI.

### Security Engineers — Maintain full auditability

Every access request and query is logged and attributable.

### Database Administrators — Eliminate shared credentials

Remove passwords, admin accounts, and shadow access.

### Database Administrators — Centralize access management

Define and manage permissions across all databases.

### Database Administrators — Reduce operational risk

Control access without becoming a manual gatekeeper.

