Access Management
Access management is a way of securely managing user accounts and controlling access and privileges for the Exasol SaaS environment. This section describes how access management works in Exasol SaaS.
Authentication and Authorization
Authentication in Exasol SaaS ensures that only users with verified identities can access the web console or databases. A user logs in to the web console using an organization account and a user account. The user's identity is verified by their username and password.
In contrast, authorization is the process that ensures that authenticated users can access only the databases to which they have been granted access, and that controls the operations they can perform. Authorization in Exasol SaaS is managed through role-based access control.
User Accounts
When you register to access Exasol SaaS or are invited to access Exasol SaaS for the first time, an Exasol User Account is created for you. This account includes your email address and first and last name. You will use this account to log in to the web console, perform database operations, and access databases.
A user can be a member of multiple SaaS organization accounts. When logging into Exasol SaaS, you first need to specify the SaaS organization account you wish to log into, followed by your email address and password.
Organizations (or SaaS accounts)
A SaaS organization account represents an organization or company. It contains one or more databases and has one or more users who can use these databases. When you sign in for the first time, an Exasol user account and a SaaS organization account representing your company / organization are created for you.
Each SaaS account is associated with an account ID. You will need this account ID during the sign-up and subsequent login processes.
Role-based Access Control
Exasol SaaS provides role-based access to users. The roles determine the level of access the user has on the Exasol SaaS web console and the tasks they can perform. The following are the roles in Exasol SaaS:
- Member: The member role has limited permissions in the web console. A user with a member role can view and use the databases they are granted access to, but cannot manage databases or perform database operations such as adding, stopping, or starting databases or clusters.
- Owner: The owner role has full permissions in the web console. A user with an owner role can manage users, add users, perform database and cluster operations, and view and manage billing and security settings.
View Account ID and Role
Your user profile in Exasol SaaS contains your account ID and your role within the organization. You can also generate a Personal Access Token from the profile menu and use it to connect other tools to the database.
To view a list of other users who have access to this account and the databases, see the Manage Users section.
Database Access Management
Access to databases is also managed by Exasol SaaS. Exasol SaaS databases use the OpenID Connect Protocol to authenticate database users and point to the central Exasol user account. This enables single sign-on (SSO) and limits repetitive requests for user credentials when accessing worksheets or performing other database operations in the web console.
During database creation, the user who created the database is automatically added as a database user using OpenID Connect authentication and is granted the DBA role. After creation, you can Invite New Users or Edit Users and grant access to the database. Users will see all databases to which they have been granted access in the web console. In addition, the system will automatically create a database user using OpenID Connect for authentication. This database user is also granted the CREATE SESSION privilege.
Privileges and roles within the database are managed using SQL statements. You must connect to the database using a Worksheet or an SQL Client to grant system or object privileges in the database. After inviting a user, a Worksheet is created for you with some example privileges you can grant to the user. To learn more about database privileges, see Privileges.
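The following is an added example, not taken from the Exasol documentation or from the Worksheet that Exasol generates. It grants an invited user read-only access through a role and then reviews the resulting privileges, including who holds the DBA role. The names REPORTING, REPORTING_READER and INVITED_USER are placeholders; replace INVITED_USER with the user name shown in EXA_DBA_USERS.

```sql
-- Added example. REPORTING (schema), REPORTING_READER (role) and
-- INVITED_USER (database user) are placeholder names.

-- Find the database user that was created for the invited person.
SELECT USER_NAME, CREATED
FROM EXA_DBA_USERS
ORDER BY CREATED DESC;

-- Put read-only access in a role instead of granting it user by user,
-- so it can be reviewed and revoked in one place.
CREATE ROLE REPORTING_READER;
GRANT SELECT ON SCHEMA REPORTING TO REPORTING_READER;

-- The invited user already has CREATE SESSION; add only the role.
GRANT REPORTING_READER TO INVITED_USER;

-- Review: who holds the DBA role? The database creator is expected here;
-- any other grantee should be a deliberate decision.
SELECT GRANTEE, GRANTED_ROLE, ADMIN_OPTION
FROM EXA_DBA_ROLE_PRIVS
WHERE GRANTED_ROLE = 'DBA'
ORDER BY GRANTEE;

-- Review: system privileges granted directly to the invited user.
-- Expected result after an invitation: CREATE SESSION only.
SELECT GRANTEE, PRIVILEGE, ADMIN_OPTION
FROM EXA_DBA_SYS_PRIVS
WHERE GRANTEE = 'INVITED_USER';

-- Review: object privileges carried by the role.
SELECT OBJECT_SCHEMA, OBJECT_NAME, OBJECT_TYPE, PRIVILEGE, GRANTEE
FROM EXA_DBA_OBJ_PRIVS
WHERE GRANTEE = 'REPORTING_READER';

-- Removing access later is a single statement.
REVOKE REPORTING_READER FROM INVITED_USER;
```

Run the statements from a Worksheet or an SQL client as a user with the DBA role, since the EXA_DBA_* system tables are only visible to such users.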