Role Based Access / Permission System in the GUI

[R4PH1]

I know this is a lot to ask, but is it possible to add a permission system into the gui?
There are system owners which should only see their sql instances for e.g. checking performance, locks or running queries.
Building the whole system with an management interface might be to much to ask, but if there would be a way with database roles somehow to make it easier for you this would also help a lot. The GUI could also just not show certain parts and instances with some kind of logic.
Thanks a lot for your efforts with the development of the tool.

[DavidWiseman]

If it's a security requirement that they must not see certain instances, you could consider splitting into multiple DBA Dash repositories. The GUI now allows you to fast switch between multiple repository databases. If you still wanted a combined repository it would be possible to have each service write to a central repository in addition to the system owner repository.

If you just want to hide instances that are not relevant to certain individuals, that could be done using a command line tag filter when starting the GUI. This would restrict someone to the Role\Dev tag. This doesn't provide any real security but it might work depending on your requirements.
dbadash --Tags "Role:Dev" --NoTagMenu

[R4PH1]

Thanks for the suggestions, but none of them seem to be the golden solution in our case.
The most promising would be writing to a secondary destination, but our service monitors multiple instances at the same time and as far as I can see it only allows to either write all or none per service (yes, I also saw the checkbox on the new connection level to write to secondary destination to limit it) Keeping them in one service works very good and is easier for the updating process.
As far as I can see in the doc for the json file, it is not possible to configure the writing to secondary "per connection", only global, or am I wrong?
Lets say instance A has a secondary to DBADash_A and instance B has a secondary to DBADash_B?
I can already see multiple different owners wanting to check their instances. (Thus my request for a permission system)

[DavidWiseman]

Hi, it would be possible to run multiple DBA Dash agents on the same server. You would need to split the connections up so the instances owned by each group have a service associated with them. That agent writes to a repository DB for that group of instances and also to the central DBA Dash DB as a secondary destination. To run multiple DBA Dash services on the same computer, you need to edit the service name in the config so each has a unique name (and deploy each to a separate folder)

https://dbadash.com/docs/setup/options/#multiple-agents-running-on-the-same-host
https://dbadash.com/docs/setup/cli-install/#set-service-name

To add the secondary destination use the CLI or edit the json config file:

https://dbadash.com/docs/setup/cli-install/#add-destination-connection

Implementing a permission system would be difficult to do correctly. Hiding instances in the GUI based on some settings is easier but this doesn't really provide security (Similar to the tag filtering). The DBA Dash GUI connects directly to the DBA Dash repository DB. It relies on the user having direct access to the SQL database - there is a danger the user could connect directly to the database and bypass any application-level security. To do the security properly would take a bit of work and would probably be less robust than having separate repository DBs.

Hope this helps