Server security and access configuration
In Team Edition, you can manage security and access on several levels. These settings let you control how users sign in, who can access the system, how database connections are secured, and how the server is protected on the network.
You can configure:
- Authentication - sign-in methods for users
- Access management - permissions and policies for accounts and teams
- Connection network options - encryption and tunnels for database connections
- Network and security settings - domains, proxies, certificates, and secure storage
- Additional security options - password recovery, credentials storage, provisioning, and restrictions
Authentication¶
Configure how users sign in. Choose local accounts, enterprise identity providers, or cloud-specific services.
- Local authentication
- LDAP
- SAML
- OpenID
- NTLM
- JWT
- AWS IAM
- Microsoft Entra ID, and others
Info
See Authentication methods for a full overview.
Brute force protection¶
Team Edition can protect against brute force attacks on both application login and database connections.
- Login protection - block users after several failed login attempts
- Connection protection - disable accounts after repeated failed connection attempts (for example, wrong database password)
Info
For more details, see Password policy.
Changing database password¶
Team Edition lets users change their database password directly in the application for these databases:
- Cockroach
- Exasol
- Greenplum
- Netezza
- Oracle
- PostgreSQL
- Redshift
- Snowflake
- SQL Server
- Vertica
Info
Oracle, PostgreSQL, and Netezza also support changing an expired password in Team Edition. See Change current user password for details.
Access management¶
Control who can sign in and what they can do. Enforce password rules, assign permissions, and organize users into teams.
Roles¶
Team Edition lets you assign predefined roles with different levels of access.
- Viewer and Editor - work with prepared data
- Manager - prepare data for others
- Developer - work with scripts and connections
- Administrator - manage all settings and users
Info
For more details, see Roles
Connection network options¶
Secure database connections at the connection level. Enable SSL, set up SSH tunnels, and manage keys.
- SSL configuration - encrypt traffic with CA-signed or self-signed certificates
- SSH configuration - protect connections with SSH tunnels and key authentication
- SSL configuration - encrypt traffic with CA-signed or self-signed certificates
- SSH configuration - protect connections with SSH tunnels and key authentication
- Proxy configuration - route connections through a proxy server
- Kubernetes configuration - connect via Kubernetes pods
- AWS SSM configuration - use AWS Systems Manager Session Manager
Network and security settings¶
Manage how the server is exposed on the network. Configure domains, proxies, TLS, and secure storage for sensitive data.
Setting | Description | Reference |
---|---|---|
Domain manager | Configure a custom domain, and apply SSL certificates | Domain manager |
Reverse proxy | Control and filter incoming traffic, enable auth via headers, offload TLS, enforce HTTPS, and configure multiple server URLs | Proxy configuration |
Secret management | Store and retrieve credentials from providers like AWS Secrets or Vault | Secret providers |
Java security properties | Override default JVM crypto properties for compliance and security policies | Java security properties |
Additional security options¶
Team Edition also provides extra security features that complement authentication, access control, and connection settings.
Setting | Description | Client | Reference |
---|---|---|---|
Password recovery | Restore access if the main password is lost | Web | Admin password recovery |
User credentials storage | Control how saved credentials are stored and protected | Web | User credentials storage |
Pre-configured permissions | Define default permissions for new database connections | Web | Pre-configured permissions |
User provisioning | Automate account creation and updates with provisioning systems | Web | Provisioning users |
Proxy header authentication | Authenticate users via trusted reverse proxy headers | Web | Reverse proxy header authentication |
Preference restrictions | Restrict or lock product preferences and configuration options | Desktop | Preference restrictions |
Certificate management | Manage truststores and import custom SSL certificates | Desktop | Manage truststore Import certificates |