DBeaver Documentation


Admin Preference Restrictions


This guide outlines the steps for enhancing security and control in DBeaver by restricting specific functionalities.

For Windows, Mac, and Linux, restrictions in the dbeaver.ini file can be implemented, while Windows users can also leverage the Registry for additional control.

Tip: Detailed instructions on finding dbeaver.ini are available in our article.

Follow the appropriate steps based on your operating system and preference.

Modifying the DBeaver configuration file

  1. Navigate to the directory containing the dbeaver.ini file.
  2. Use a text editor to open the configuration file.
  3. Locate the -vmargs line within the file.
  4. Add the desired settings from the Configuration options, ensuring each setting is preceded by -D (for instance -Dpolicy.data.export.disabled = true) and placed below the -vmargs line.
  5. Save the edited file.
  6. Restart DBeaver to apply changes.

Using Windows Registry

  1. Open the Registry Editor by typing regedit in the Run dialog (Win + R).
  2. Navigate to the following path in the Registry: HKEY_CURRENT_USER\Software\DBeaver Corp\DBeaver\policy
  3. Create a new value for each setting, from the Configuration options based on desired restrictions.
  4. Exit the Registry Editor and restart DBeaver to apply the changes.

Important: Editing the Windows Registry can significantly affect your system. Always make sure to back up the registry before making any changes. For more information on how to work with the Windows Registry, refer to the Microsoft Documentation on Registry Editing.

Configuration options

This section consolidates the configuration options, applicable through Windows Registry keys and as settings in the DBeaver configuration file.

Registry and configuration file parameters

This section outlines the parameters that can be configured either through the Windows Registry or directly in the dbeaver.ini.

Registry key/Variable Name Type Default value Allowed values Description
policy.data.export.disabled DWORD/Boolean 0/false 0/false, 1/true Restricts ability to export data from databases.
policy.software.install.disabled DWORD/Boolean 0/false 0/false, 1/true Blocks ability to install new software and access the Eclipse marketplace.
policy.software.update.disabled DWORD/Boolean 0/false 0/false, 1/true Prevents ability to check for DBeaver updates.
connection.credentials.save.restricted DWORD/Boolean 0/false 0/false, 1/true Disables the ability to save database credentials across all user profiles.
Configuration file parameters

This section details the parameters that can be set only in the dbeaver.ini.

Variable Name Default Value Allowed Values Description
dbeaver.disable.secure.masking false false, true Disables the masking of sensitive information in log files.
Master password policy settings
Registry key/Variable Name Type Default value Allowed values Description
policy.master.password.disable DWORD/Boolean 1/true 0/false, 1/true Disables the requirement for a master password.
policy.master.password.policy REG_SZ/String {"minLength": 8, "minLetterCount": 1, "minNumberCount": 1, "minSymbolCount": 0, "requireMixedCase": true} {"minLength": int, "minLetterCount": int, "minNumberCount": int, "minSymbolCount": int, "requireMixedCase": boolean} Specifies the master password policy configuration. This is an optional setting, applicable only when the policy.master.password.disable policy is enabled.

minLength sets the minimum length,
minLetterCount determines the minimum number of letters,
minNumberCount establishes the minimum number of digits,
minSymbolCount sets the minimum number of symbols,
requireMixedCase sets if mixed case letters are required.