ArchitectureA supervised JVM-class runtime — OLTP on seven engines, OLAP on three. AI-native, MCP-native, observable as plain SQL.Read the architecture
Está viendo la edición Perú. Está viendo la edición Colombia. You're viewing the Pakistan edition. Cambiar a la edición global →Cambiar a la edición global →Switch to the global edition →

Deploy permission gates auth changes; security-audit email notifications added

A database_auth_deploy permission now controls who can push authentication and dictionary changes to a target database, and new security-audit and keeper-activity email templates notify on privileged actions.

Pushing authentication and dictionary changes to a database is a privileged action. This release adds a dedicated database_auth_deploy permission that the schema and code processor honours when it opens a deploy connection, so a deployment only proceeds when the acting user carries the deploy flag on the target database.

What the permission controls

  • Per-database deploy flag. The processor checks the user's deploy permission against the specific target database before opening the deploy connection, rather than assuming a single global right.
  • Auditable authorisation. The user administration record gains a dedicated field recording the deploy authorisation, so the grant is inspectable rather than implicit.

Security-audit notifications

  • New notification templates. Three email templates ship for privileged-activity alerts: a security-audit notice and two keeper-activity notices covering dictionary and database changes.
  • Managed like other templates. The templates are loadable and removable through the same setup mechanism used for labels and driver properties, so an operator installs or updates them without manual SQL.

The permission is additive: existing deployments continue to work for users who already hold the deploy right, while the new flag makes the boundary explicit and reviewable.

See the feature →

← All posts