Multi-tenant · MySQL

DB Browser

Give your teams a controlled way to explore MySQL: one place for saved connections, fine-grained table and column rules, optional masking, and the same paging and filters you expect— without letting anyone write ad-hoc SQL.

Create organization Sign in

Free self-service signup · Your data stays in your databases—we store org settings and encrypted connection secrets only.

Product tour

Everything in one secure workspace

Each organization is isolated. Org admins configure who sees what; org users browse only approved connections, tables, and columns. Built for support, analytics, and ops—not for open-ended database consoles.

Organizations & roles

Separate tenants with clear responsibilities—no shared passwords across companies.

ORG_ADMIN — saved connections, user lifecycle, grants, hidden columns, column RAW/masked rules.
ORG_USER — browse only what was explicitly granted.
Self-service registration creates your org and first admin in one step.

Saved database connections

Admins register MySQL hosts once; credentials are encrypted at rest in the platform database.

Test connectivity from the admin UI before saving.
Users pick from a short list of allowed connections—no retyping host strings.
Session flow keeps browsing scoped to the connection you opened.

Grants & column policies

Defense in depth: connection access, then tables, then columns—with a live schema picker on the grants page.

Connection grant — which users may open a saved connection.
Table grant — which tables appear in the sidebar for each user.
Hidden columns — stripped for everyone (e.g. password hashes).
Per-user columns — RAW vs masked; optional sparse mode when you need exact column lists.

Familiar browse experience

Same mental model as a classic DB browser—without exposing SQL to end users.

Table list with search, row counts where available.
Grid with pagination, column sort, and filter on allowed columns.
Row detail view via primary key links.
Server builds parameterized queries only—no user-written WHERE clauses.

Masking & least privilege

Reduce exposure of PII and secrets while still enabling troubleshooting.

Mark sensitive columns as MASKED per user where policy allows.
Combine with hidden columns for fields that must never appear in any UI.
Admins see full capability on connections they manage (non-hidden columns).

Admin & user management

Day-two operations without sharing the database root password.

Create users, assign ORG_USER or ORG_ADMIN.
Edit email, optional display name, and role.
Reset passwords anytime (minimum length enforced).
Cannot demote the only org admin—prevents lockout.

Getting started

How it works

From zero to first controlled browse in a few admin actions.

1

Register your organization

Pick a company name and create the first org admin account. You will use that email to sign in.

2

Add a MySQL connection

Under Admin, save host, database, and credentials—test first. Then open Grants to pick tables and columns from live metadata.

3

Invite users & grant access

Create org users, grant connection + table access, refine column rules. They sign in and open only approved data.

Security & data handling

The platform database (H2 by default; configurable) holds organizations, users, permission rows, and encrypted JDBC passwords. Your business rows stay in your MySQL instances; we never warehouse customer table data in the app database.

Authentication with Spring Security; role checks on admin routes.
CSRF protection on form posts (admin APIs used by the UI are configured explicitly).
Change app.crypto.secret-base64 and the JDBC URL for production deployments.

Ready to try it?

Create your workspace in under a minute, or sign in if your admin already invited you.

Create organization Sign in