Manage Logins

Manage access to managed server instances and databases

Overview

In Data Bridge, a login is an entity that enables a licensed Intelligent Risk Platform™ user to access a managed server instance on Data Bridge. The login enables the user to connect to and perform permitted operations on a particular SQL Server instance. The user must call the service from an IP address on the tenant's access control list.

A Data Bridge login consists of a login name, a password, and a role. The login name and password attributes identify a user and ensure that user can only perform actions permitted by their role. A Data Bridge login may be assigned to multiple Intelligent Risk Platform users.

Role-based access controls

Data Bridge employs role-based access controls to manage API access to managed server instances. Users are assigned roles based on group membership. Every Data Bridge user is assigned to the Contributor or Consumer group and inherits the privileges assigned to that group:

  • The Consumer group identifies users with read-only access to the databases on a managed server instance. Users belonging to this group cannot modify data in databases or upload databases to Data Bridge.
  • The Contributor group identifies users that may modify data, import or export data, and add or remove databases on managed server instances.

Group membership also determines the level of access that a user is granted to custom databases on Data Bridge. RMS maps the Consumer and Contributor groups to pre-defined database roles available by default on all managed server instances. Users are automatically added to one or the other database role. To learn more, see Administer Custom Databases.

Role-based permissions are encoded in the API key or OAUTH token that the client passes in each request. For detailed information about the administration of Intelligent Risk groups and role-based access controls, see the Intelligent Risk Platform Administrator Guide.

View server instance logins

The Get logins by server instance service (GET /v1/sql-instances/{instanceName}/Logins) returns information about the logins to a specific SQL Server instance. The data returned by the service depends on the role assigned to the user making the call.

  • If the user belongs to the Contributor group, the service returns a list of the logins owned by the user.
  • If the user belongs to the Administrator group, the services returns a list of all of the logins to the SQL Server instance.

The service takes one required parameter. The instanceName path parameter identifies the name of a SQL Server instance (for example, dbinstance-1).

Create server instance logins

The Create logins service (POST /v1/sql-instances/{instanceName}/Logins) enables a user to create a new SQL Server login. The scope of the login created depends on the role assigned to the user making the call.

The service takes one required parameter. The instanceName path parameter identifies the name of a SQL Server instance (for example, dbinstance-1).

curl --location -g --request POST 'https://path.to.parameter/databridge/v1/sql-instances/dbinstance-1/Logins' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer XXXXXXXXXXXXXXXXXXXX'

In the request body, specify the login name, the login password, and the role of that user.

{
  "login": "TestLoginConsumerdelete",
  "password": "[email protected]",
   "role": "consumer"
}

  • The login attribute specifies a unique name for the user account. You can use this unique name to identify the user account to edit or delete the user.
  • The password attribute specifies the user’s password. The user must specify the login name and password to access the Data Bridge SQL Server instance.
  • The role attribute specifies the level of access available to the user. One of Consumer or Contributor.

Update server instance login passwords

The Update login password servicd (PATCH /v1/sql-instances/{{instanceNname}}/lLogins/{loginName}) enables administrators to update the password for a specified login.

The service takes to required path parameters. The instanceName path parameter identifies the SQL Server instance. The loginName path parameter specifies the login of a user.

Delete server instance login

The Delete login service (DELETE /v1/sql-instances/{{instancename}}/Logins/{loginName}) enables administrators to delete a SQL Server login from a specific SQL Server instance.

The service takes two required path parameters. The instanceNname path parameter identifies the SQL Server instance. The loginName path parameter identifies the login of the user to delete.


Did this page help you?