Skip to content

Server security and access configuration

In Team Edition, you can manage security and access on several levels. These settings let you control how users sign in, who can access the system, how database connections are secured, and how the server is protected on the network.

You can configure:

  • Authentication - sign-in methods for users
  • Access management - permissions and policies for accounts and teams
  • Connection network options - encryption and tunnels for database connections
  • Network and security settings - domains, proxies, certificates, and secure storage
  • Additional security options - password recovery, credentials storage, provisioning, and restrictions

Authentication

Configure how users sign in. Choose local accounts, enterprise identity providers, or cloud-specific services.

Info

See Authentication methods for a full overview.

Brute force protection

Team Edition can protect against brute force attacks on both application login and database connections.

  • Login protection - block users after several failed login attempts
  • Connection protection - disable accounts after repeated failed connection attempts (for example, wrong database password)

Info

For more details, see Password policy.

Changing database password

Team Edition lets users change their database password directly in the application for these databases:

  • Cockroach
  • Exasol
  • Greenplum
  • Netezza
  • Oracle
  • PostgreSQL
  • Redshift
  • Snowflake
  • SQL Server
  • Vertica

Info

Oracle, PostgreSQL, and Netezza also support changing an expired password in Team Edition. See Change current user password for details.

Access management

Control who can sign in and what they can do. Enforce password rules, assign permissions, and organize users into teams.

Roles

Team Edition lets you assign predefined roles with different levels of access.

  • Viewer and Editor - work with prepared data
  • Manager - prepare data for others
  • Developer - work with scripts and connections
  • Administrator - manage all settings and users

Info

For more details, see Roles

Connection network options

Secure database connections at the connection level. Enable SSL, set up SSH tunnels, and manage keys.

Network and security settings

Manage how the server is exposed on the network. Configure domains, proxies, TLS, and secure storage for sensitive data.

Setting Description Reference
Domain manager Configure a custom domain, and apply SSL certificates Domain manager
Reverse proxy Control and filter incoming traffic, enable auth via headers, offload TLS, enforce HTTPS, and configure multiple server URLs Proxy configuration
Secret management Store and retrieve credentials from providers like AWS Secrets or Vault Secret providers
Java security properties Override default JVM crypto properties for compliance and security policies Java security properties

Additional security options

Team Edition also provides extra security features that complement authentication, access control, and connection settings.

Setting Description Client Reference
Password recovery Restore access if the main password is lost Web Admin password recovery
User credentials storage Control how saved credentials are stored and protected Web User credentials storage
Pre-configured permissions Define default permissions for new database connections Web Pre-configured permissions
User provisioning Automate account creation and updates with provisioning systems Web Provisioning users
Proxy header authentication Authenticate users via trusted reverse proxy headers Web Reverse proxy header authentication
Preference restrictions Restrict or lock product preferences and configuration options Desktop Preference restrictions
Certificate management Manage truststores and import custom SSL certificates Desktop Manage truststore
Import certificates