Group
The Group menu is used to manage user groups and define access control policies in OneDB. A group allows administrators to assign permissions to multiple users with the same access requirements.
Group configuration includes two main sections:
| Section | Description |
|---|---|
| Permissions | Defines menu-level access such as create, read, update, and delete. |
| Field Access | Defines field-level visibility for selected database tables and columns. |
Access Group Menu
To access the Group page, go to:
User Management → GroupFrom this menu, administrators can create a new group or update an existing group.
Add Group
To create a new group:
- Open the Group menu.
- Click Add Group.
- Enter the group name.
- Configure the required permissions.
- Configure field access if needed.
- Click Save.
Example group name:
read-only-groupPermissions
The Permissions tab is used to define what actions the group can perform across OneDB menus.
Each menu can be assigned one or more permissions.
| Permission | Description |
|---|---|
| Create | Allows users in the group to create new records or configurations. |
| Read | Allows users in the group to view records or configurations. |
| Update | Allows users in the group to modify existing records or configurations. |
| Delete | Allows users in the group to remove records or configurations. |
Menu Permissions
The permissions table displays available OneDB menus and their corresponding access controls.
Example menu items may include:
| Menu | Description |
|---|---|
| User | User account management. |
| Group | User group and permission management. |
| API User | API user management. |
| Connection | Database connection management. |
| Field Settings | Field protection configuration. |
| Oracle | Oracle database browsing or management access. |
| MsSQL | Microsoft SQL Server browsing or management access. |
| PostgreSQL | PostgreSQL database browsing or management access. |
| MySQL | MySQL database browsing or management access. |
| Keys | Key management access. |
| Mask | Masking configuration access. |
| Template | Protection template configuration access. |
| Backup / Restore | Backup and restore operation access. |
| Nodes / Clusters | Node or cluster management access. |
| Monitoring | Monitoring page access. |
| License | License management access. |
| Site Configurations | Site configuration access. |
| Audit Trail | Audit trail access. |
| Syslog | Syslog configuration access. |
| Listeners | Listener management access. |
| Migration | Migration job access. |
| Query Audit | Query audit access. |
Read-Only Group Example
For a read-only group, enable only the Read permission for the required menus.
Example:
| Menu | Create | Read | Update | Delete |
|---|---|---|---|---|
| User | No | Yes | No | No |
| Group | No | Yes | No | No |
| Connection | No | Yes | No | No |
| Field Settings | No | Yes | No | No |
| Query Audit | No | Yes | No | No |
This allows users in the group to view information but prevents them from creating, modifying, or deleting configurations.
Field Access
The Field Access tab is used to define column visibility for users in the group.
This feature allows administrators to restrict which database fields can be viewed by users assigned to the group.
Field access is useful when users need access to a table but should not be able to view sensitive columns such as email, password, token, or other confidential information.
Configure Field Access
To configure field access:
- Open the Field Access tab.
- Select the database connection.
- Select the database or schema.
- Select the table.
- Review the table columns.
- Uncheck columns that should be hidden.
- Click Add to save the field access rule.
- Click Save to save the group configuration.
Field Access Configuration Fields
| Field | Description |
|---|---|
| Connection | Selects the configured database connection. |
| Select Database | Selects the database associated with the connection. |
| Select Schema | Selects the schema that contains the target table. |
| Select Schema / Database | Selects the schema or database, depending on the database type. |
| Select Table | Selects the table where column visibility will be configured. |
| Table Columns | Displays the list of columns available in the selected table. |
| Visible | Defines whether the column is visible to users in the group. |
Table Columns
After selecting a table, OneDB displays the available columns and their data types.
Example:
| Column | Type | Visible |
|---|---|---|
| EmployeeID | int | Yes |
| FirstName | varchar | No |
| LastName | varchar | No |
| Department | varchar | Yes |
| HireDate | date | Yes |
Columns marked as Visible can be accessed by users in the group.
Columns that are unchecked will be hidden from users in the group.
Saved Configurations
After clicking Add, the selected field access rule will appear in the Saved Configurations table.
The saved configuration table displays:
| Column | Description |
|---|---|
| Connection ID | The database connection identifier. |
| Database Type | The database engine type, such as MSSQL or Oracle. |
| Database / Schema | The selected database and schema. |
| Table | The selected table. |
| Column | The column affected by the rule. |
| Visible | Indicates whether the column is visible or hidden. |
| Action | Allows the administrator to delete the saved field access rule. |
Important Behavior
OneDB saves only columns where Visible is set to false.
This means unchecked columns are stored as field access restrictions.
Example:
| Column | Visible | Saved as Restriction |
|---|---|---|
| ID | Yes | No |
| USERNAME | Yes | No |
| No | Yes | |
| PASSWORD | No | Yes |
| DOB | Yes | No |
In this example, only EMAIL and PASSWORD are saved because they are configured as hidden fields.
Field Access Example
The following example hides sensitive columns from a user group.
| Database Type | Database / Schema | Table | Hidden Column |
|---|---|---|---|
| MSSQL | dummy:dbo | Employees | FirstName |
| MSSQL | dummy:dbo | Employees | LastName |
| Oracle | FREE | USER | |
| Oracle | FREE | USER | PASSWORD |
Users assigned to this group will not be able to view the configured hidden columns.
Save Group Configuration
After configuring permissions and field access, click:
SaveThe group configuration will be saved and can be assigned to users.
To cancel the changes, click:
DiscardNotes
Permissions control access to OneDB menus and actions.
Field Access controls visibility of specific database columns for users in the group.
Use the principle of least privilege when configuring group permissions.
For sensitive fields such as passwords, API keys, tokens, email addresses, personal identifiers, or confidential employee data, consider disabling visibility for groups that do not require access.
Field Access does not replace field protection or masking policies. If data must be protected at the query result level, configure the appropriate protection in Field Settings.
