Introducing Role-Based Access Control for SingleStore Aura: Secure, Compliant and Enterprise-Ready

RBAC implementation for Helios enhances database security in multi-tenant cloud environments by ensuring users have precisely the permissions they need, while following the principle of least privilege. 

Building upon the previously set framework and applying it to our newly launched service, we're thrilled to announce the rollout of Role-Based Access Control (RBAC) for SingleStore Aura, our managed container service for data applications. This highly requested feature empowers enterprise customers with the governance controls they need while enabling seamless collaboration across users within SingleStore organizations.

Elevating enterprise security and compliance

As organizations increasingly adopt cloud services for their mission-critical applications, managing who has access to what becomes paramount. This is especially true for enterprises with strict compliance requirements like SOC2, HIPAA or GDPR.

With RBAC for Aura, we're delivering a comprehensive security framework that allows precise control over resource access based on users' roles within your organization. This approach not only strengthens your security posture, but also simplifies compliance with regulatory requirements.

Why we built RBAC for Aura

Before this release, managing access to shared resources within Aura presented several challenges:

• Limited access control. All users with access to shared apps and files (coming soon) could view and edit them — regardless of ownership.
• Ownership management. When resource owners left an organization, transferring ownership was cumbersome.
• Compliance gaps. Enterprise customers with strict regulatory requirements needed more granular permissions.

RBAC addresses these challenges through a structured permission model that aligns with organizational roles and responsibilities, while providing the audit trail necessary for compliance requirements.

How RBAC works at a high level

Our implementation follows industry best practices for role-based access control, with three key components:

1. Roles. Predefined sets of permissions assigned to Users or Teams (owner, observer, user, reader)
2. Permissions. Specific actions a role is allowed to take (view, edit, delete, etc.)
3. Resources. Aura resources that can be protected (apps, organization)

RBAC rules are applied for either individual users or a group of users belonging to a team. This model provides a logical hierarchy that makes it intuitive to understand which permissions supersede others, creating a clear security boundary around your resources.

Aura App resources

Aura Apps are packaged applications that run on SingleStore Aura. At the moment of writing this article, Aura Apps include Cloud Functions, Dash Apps, Inference APIs and Scheduled Jobs.

Aura App roles

Apps in Aura now support two distinct roles:

• Owner. Complete control with abilities to manage access, operate, delete, monitor and use the App. The owner can create and revoke API keys.
• User. Can access published endpoints and view the app in the UI; For an app they can create new API keys and use those keys for accessing the App.

Organization owner role

Organization owners gain enhanced capabilities:

• Inherit ownership. Organization owners automatically inherit the Owner role for all Aura Apps.
• Resource oversight. Complete visibility across all resources in the organization for admins. For example, admins can revoke orphaned API keys from members and Apps that are no longer active.

Real-world benefits

• Streamlined compliance. For regulated industries like finance and healthcare, RBAC simplifies audit processes by providing clear documentation of who has access to what resources. When auditors ask for evidence of access controls, you can easily demonstrate your governance model through the Aura RBAC system.

• Operational efficiency. RBAC reduces administrative overhead by allowing you to quickly implement access changes across the platform. When new team members join or roles change, permissions can be updated in seconds — rather than requiring extensive reconfiguration.
• Secure collaboration. Data scientists, analysts and engineers can collaborate on shared resources with appropriate boundaries. For example, data scientists can build models that analysts can view and use without risk of accidental modification.
• Simplified user management. When team members leave your organization or change roles, RBAC ensures continuity by allowing organization owners to transfer resource ownership without disruption. This eliminates risky orphaned resources that create security and management challenges.

Getting started with RBAC in Aura

Existing Aura users can start enforcing RBAC immediately through both the portal UI and management API. When creating or updating resources, you'll now see options to define access levels and assign specific roles to users or teams.

For shared resources, take for example a cloud function, you can easily:

View current access permissions by clicking the “Share” button.

Add users or teams with specific roles to be able access this application.

Remove access when the user/team no longer has any need to be able to access this application.

You can also go to the "Users & Permissions" page to get granular information about roles and permissions at an organization level.

Looking ahead: Our RBAC roadmap

This release marks an important milestone in our security journey, but we're just getting started. In upcoming releases, we have plans to introduce:

• RBAC for files in Data Studio
• More granular permission controls
• Additional custom role types for specialized use cases
• Folder-level access controls for enhanced organization
• Advanced audit logging capabilities

Role-Based Access Control for SingleStore Aura represents a significant advancement in our mission to make our platform enterprise-ready while maintaining the agility that developers love. By implementing industry-standard security practices, we ensure organizations of all sizes can confidently build their data applications on Aura.

Whether you're a startup scaling security practices or an enterprise with strict compliance requirements, RBAC provides the governance framework you need to manage access effectively while enabling collaboration across your organization.

We invite you to explore this new capability and share your feedback as we continue to enhance our security features. Together, we're building a more secure, compliant and collaborative data platform.

To learn more about configuring RBAC for your Aura resources, or have any feedback or concerns about this feature please reach out to our Support team.

Try SingleStore free.