Access Control
Overview
Access Control in Oxla
Oxla supports basic RBAC features (role-based access control) like roles, privileges or ownership. The way they work is similar to those currently available on the market, in popular database solutions.
Enabling Access Control
Access Control is enabled by default on new Oxla installations but might be disabled in config on demand. For information on how to set desired access control level please check our Oxla Configuration File doc.
To preserve backward compatibility on old Oxla versions, with non-empty Oxla Home instances, one must explicitly set access control flag to
ON
, otherwise it will be disabledDefault Superuser
Currently we only support a single superuser, which is also a default user pre-created in Oxla. Username and password credentials for that user are both set to oxla
.
We highly recommend changing the password for security purposes!
Important Notes & Limitations
- There’s only one superuser (their default password can be changed by themselves)
- Only superuser has
SELECT
privilege on internal system tables - Privileges to internal system tables cannot be granted or revoked
- Only superuser and database owners can create new schemas
- Only superuser can create new roles
- Every role is granted
CONNECT
privilege to a default database at the moment of creation (can be revoked) - Concept known as role membership isn’t available in Oxla, thus there’s no privilege inheritance
Once access control is enabled and Oxla Home isn’t empty, it cannot be disabled. Running Oxla with access control flag in
OXLA_HOME
set to OFF
, where it was previously enabled,
will result in Oxla entering a degraded state.