Understanding Permissions, Blacklist, and Whitelist in DBLE
This article demonstrates how DBLE manages table-level DML permissions, global blacklist rules, and user‑IP whitelist controls, showing configuration steps, reload procedures, and the resulting effects on query execution and login access.
In the previous installment we introduced the management console; this session focuses on DBLE's permission system and blacklist/whitelist mechanisms.
Feature Overview
Permissions control DML actions (INSERT, UPDATE, SELECT, DELETE) on tables. The blacklist, inherited from Druid, blocks unsafe SQL after parsing. The whitelist restricts login to specific users and IP addresses.
Operation Demonstration
Using table tb_mod, a SELECT query initially succeeds, returning three rows. We then modify the DML permissions under the USER configuration, uncommenting the entry whose flag covers INSERT, UPDATE, SELECT, DELETE, in that order. With the flag set to binary 1101 and the configuration reloaded, the SELECT permission is disabled and subsequent SELECT attempts fail, illustrating granular table‑level control. Removing the configuration restores normal access.
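The flag decoding described above, as an added example that is not DBLE's own code: a simplified Python model that reads a four-digit DML flag in the article's order (INSERT, UPDATE, SELECT, DELETE) and checks statements against it. The function names are hypothetical, the sample statements are constructed, and it assumes that tables without an entry are unrestricted and that non-DML statements fall outside the flag.

```python
import re

# Bit order as given in the article.
DML_ORDER = ("INSERT", "UPDATE", "SELECT", "DELETE")


def decode_dml(flag):
    """Return the set of DML verbs that a flag such as '1101' permits."""
    if not re.fullmatch(r"[01]{4}", flag):
        raise ValueError(f"DML flag must be four 0/1 digits, got {flag!r}")
    return {verb for verb, bit in zip(DML_ORDER, flag) if bit == "1"}


def statement_verb(sql):
    """Leading DML verb of a statement, or None for anything else."""
    # Skip leading whitespace and /* ... */ comments before the verb.
    stripped = re.sub(r"^(\s*/\*.*?\*/)*\s*", "", sql, flags=re.S)
    match = re.match(r"[A-Za-z]+", stripped)
    verb = match.group(0).upper() if match else None
    return verb if verb in DML_ORDER else None


def is_allowed(table_flags, table, sql):
    """True when the table's flag permits the statement's verb.

    Assumptions: a table with no entry is unrestricted (the article shows
    access returning once the entry is removed), and statements that are
    not one of the four DML verbs are not governed by the flag.
    """
    verb = statement_verb(sql)
    if verb is None or table not in table_flags:
        return True
    return verb in decode_dml(table_flags[table])


if __name__ == "__main__":
    flags = {"tb_mod": "1101"}  # constructed sample: SELECT bit cleared
    samples = [  # constructed statements
        "select * from tb_mod",
        "insert into tb_mod values (4)",
        "/* audit */ DELETE FROM tb_mod WHERE id = 4",
    ]
    for sql in samples:
        verdict = "allowed" if is_allowed(flags, "tb_mod", sql) else "denied"
        print(f"{verdict:8} {sql}")
```

Running a planned flag through a check like this before reloading makes an inverted or shifted bit visible early, since a single misplaced digit silently grants or revokes a different verb.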
Next, we explore the blacklist. It applies globally and contains many entries. By enabling the SelectAllow flag (its name is misspelled) with the value intentionally set to false, we block SELECT statements. After reloading the config, a SELECT returns an error indicating the SQL is deemed unsafe.
Finally, we demonstrate the whitelist. After clearing the blacklist and reloading, we edit the whitelist to allow only a specific user (e.g., man1) from a designated IP (e.g., 10.186.61.2). Reloading the configuration enforces this rule: only man1 can log in from that IP, while other users are denied.
The session concludes with links to DBLE source code repositories and contact information for further learning.
Aikesheng Open Source Community
The Aikesheng Open Source Community provides stable, enterprise‑grade MySQL open‑source tools and services, releases a premium open‑source component each year (1024), and continuously operates and maintains them.