Administer Group Access

Administer group-based access to Data Bridge SQL Server instances and databases.

Overview

Data Bridge manages access to Data Bridge clusters, managed SQL Server instances, and databases on a group-by-group basis.

A group is collection of licensed Intelligent Risk™ users that may access and perform operations on managed SQL Server instances. Tenant administrators grant or revoke access rights and permissions to users based on group membership. Every group may be assiged one or more roles, which define the permissions granted to the members of that group. These role-based permissions are encoded in the API key or OAUTH token that the client passes in each request.

Access to managed SQL Server instances and the databases on those instances is also controlled and managed on a group-by-group basis. Users that are members of a group with access to a server instance or database may access that resource on Data Bridge.

Administer access to SQL Server instances

The Manage groups by server instance service (PATCH /databridge/v1/sql-instances/{instanceName}/groups) enables administrators to grant or revoke group access to managed SQL Server instances.

If a user is a member of a group that is granted access to a SQL Server instance that user may perform all operations granted to that group based on the role assigned to that group. The group must be assigned the Contributor role for its members to import or export data to and from the databases on the SQL Server instance. Consumers may only view data on the specified server instance.

The service takes two path parameters. The instanceName path parameter identifies a SQL Server instance. The request body defines the groupOperations array that may be used to grant or revoke access for one or more groups:

{
  "groupOperations": [
    {
      "groupAction": 0,
      "groupId": "string"
    }
  ]
}

Each operation object defines a groupAction and a groupId.

  • The groupAction parameter specifies the operation type. One of 0 or 1. If 0, the request revokes the access previously granted to the server instance. If 0, the request grants access to the server instance to the specified group and its members.
  • The groupId parameter identifies the group that will be granted access to the SQL Server instance or have its access revoked.

Administrators may view a list of the groups that can access a specific SQL Server instance using the Get groups by SQL Server instance service. This service returns a list of the groups granted access to the specified SQL Server instance.

Administer group access to databases

The Administer access to database by group service (PATCH /databridge/v1/sql-instances/{instanceName}/Databases/{databaseName/groups}) enables administrators to grant or revoke group access to databases on managed SQL Server instances.

If a user is a member of a group that is granted access to the specified database that user may perform all operations granted to that group based on the role assigned to that group. The group must be assigned the Contributor role for its members to import or export data to and from the specified database on the specified server instance. Consumers may only view data on the specified database.

The service takes two path parameters. The instanceName path parameter identifies a SQL Server instance. The databaseName path parameter identifies a database on the specified SQL Server instance.

The request body defines the groupOperations array that may be used to grant or revoke access for one or more groups:

{
  "groupOperations": [
    {
      "groupAction": 0,
      "groupId": "string"
    }
  ]
}

Each operation object defines a groupAction and a groupId.

  • The groupAction parameter specifies the operation type. One of 0 or 1. If 0, the request revokes the access previously granted to the database. If 0, the request grants access to the database to the specified group and its members.
  • The groupId parameter identifies the group that will be granted access to the SQL Server instance or have its access revoked.

Administrators may view a list of the groups that can access a specific SQL Server instance using the Get groups by database service. This service returns a list of the groups granted access to the specified database.

More information

For detailed information about administering Intelligent Risk groups and role-based permissions, see the Intelligent Risk Platform Administrator Guide.


Did this page help you?