Security in DBeaver PRO
Table of contents
- Master password
- Changing database password
- Password protection for Projects
- Secure authentication
- Predefined connections
- Users roles and permissions
- Centralized automatic updates
- License management
The level of security is one of the key questions for enterprises, and the DBeaver team pays a lot of attention to it. One of the best reasons to use PRO versions is to take advantage of its security tools and features, such as password protection, SSO authentication, teams and roles in Team Edition.
This article briefly describes the most important security options available in DBeaver PRO.
You can enhance security in DBeaver with the Master Password, which encrypts credentials and sensitive data using a secure storage system. This feature ensures that each user's credentials are individually protected by their own Master Password, tying the encryption specifically to their local environment. For more details, refer to the Managing Master Password article.
Changing database password
Users can change the current database password directly in DBeaver in the following databases:
- SQL Server
Oracle, PostgreSQL, and Netezza allow changing an expired password in DBeaver as well.
Password protection for Projects
Master password for all your Projects
You can protect all Projects in your local workspace with a Master password.
You can set this password and store it in DBeaver password provider or use a generated password from your local password provider (for instance, OS X Keystore Integration or Windows integration provider).
Password for one project
You can specify a password for any project to protect all the project's configurations.
You can connect to databases using secure authentication via Kerberos or GCP, AWS, and Azure cloud services.
Kerberos is an authentication protocol, the default authentication technology used in Microsoft Windows.
You can connect via Kerberos using keytab, kinit, or a password. Open the connection settings, choose one of the supported databases and select Kerberos as the authentication method.
Users can connect to all company services using only one login and password. This is possible if you use SSO - Single Sign-On authentication service.
You do not need to manage, store, and transfer user credentials. When a user connects to the database, DBeaver opens a web browser with SSO authentication.
DBeaver supports the following SSO authentication services:
If you want to restrict users from editing connection parameters, you can protect them with passwords.
Users roles and permissions
You can customize users preferences before they run DBeaver. For example, you can set the default simple mode for all connections (to show only schemas and tables and hide all system and service objects).
Roles in Team Edition
The best way to manage user access, restrictions, and permissions is to use Team Edition.
Team Edition allows you to create users and assign them appropriate roles with predefined capabilities.
You can add Viewers and Editors to work with prepared data, Managers to prepare data for them, Developers to work with scripts and connections, and administrators to manage everything.
Centralized automatic updates
If your team works on Microsoft Windows, you can organize DBeaver mass updates in silent mode, without user input, using the Windows Installer command line options.
You can place the license file in the user's workspace or store it elsewhere, and specify the license path on the command line or in the DBeaver configuration file.