Outside of looking at and storing data, permissions are the most important part of managing tables.

And effective permissions need a robust system.

So we rebuilt Rocketadmin's permissions on Cedar — the open-source authorization engine Amazon built and runs behind AWS.

Granular, and built to stay that way

Cedar gives you a real syntax for describing access using cascade rules.

From a whole connection down to individual tables and columns, with conditions for finer control where you need it.

That flexibility was the whole point.

The practical payoff is that "who can see what" in each account is simply more accurate than it was before. Rules that used to be approximate are now exact.

Formally verified

Cedar’s correctness has a mathematically proven, airtight track record.

Your access decisions are evaluated by an engine whose logic has been checked the way critical infrastructure gets checked. Very few authorization systems can claim that.

And just like in our previous system, access is default-deny: nothing is reachable until a policy grants it, and a forbid always overrides a permit.

Check it out

Permissions is right where it’s always been — at the top, between Dashboards and Connection settings.

Set the rules, then know your data is even safer and even easier to manage. 

Available now on every plan.

You can find our documentation here.