Treasure Data includes two distinct solutions to help administrators and database owners control who can view, access, and manage databases in the Treasure Data Platform:
Policy-based database permission is a special feature that allows more granular database access and easier implementation. The following is a high-level workflow of the two solutions.
This legacy solution permits database access at the user level. Users can grant others permissions for databases that they created. The database access (legacy) function supports the following types of database access:
For more information, see Setting Database Permissions (Legacy).
Policy-based permissions (PBP) for databases is a feature that lets you take advantage of more granular-level permissions and easier implementation. Unlike database access (legacy) permissions which are administered at the user level, policy-based database permissions are administered at the policy level. Only administrators can create and manage policies for database permissions and then apply those policies to users.
Administrators must grant themselves Full Access permission by creating a policy and assigning it to themselves.
Policy-based database permissions include most of the database access (legacy) permissions*:
*Policy-based database permissions inherit Query-only, Import-only, and General Access from legacy database permissions.
|After the policy-based database permission feature is enabled, managing access control at the user level is no longer available. You cannot revert to the previous database access (legacy) model.|
For more information, see Setting Policy-based Database Permissions in TD Console.