What does RBAC mean in database security?

Short answer

  1. RBAC = Role-Based Access Control.
  2. Instead of granting individual permissions to each user, you define roles (admin, developer, analyst, read-only) and assign them to users.
  3. Concretely: an analyst receives the read-only role on sales tables but cannot access tables with personal data.
  4. RBAC is the enterprise database security standard and is required by GDPR, SOC 2 and ISO 27001.

What the standard / legislation says

  • GDPR Art. 5(1)(f): principle of integrity and confidentiality — RBAC is the technical implementation of this principle.
  • PostgreSQL: native RBAC via GRANT/REVOKE + Row-Level Security (RLS) for row-level isolation.
  • MySQL: RBAC via privileges (SELECT, INSERT, UPDATE, DELETE) at database, table or column level.
  • MongoDB: RBAC through built-in roles (readAnyDatabase, dbAdmin, clusterAdmin) + granular custom roles.

Practical examples

  • Example 1 — multi-tenant SaaS: the tenant_user role sees ONLY rows with tenant_id = their ID (RLS in PostgreSQL). One tenant cannot see another tenant's data.
  • Example 2 — data team: developers have WRITE access on staging tables; analysts have READ ONLY on production tables; nobody has DROP TABLE.
  • Example 3 — GDPR audit: the audit_log_reader role can read the audit log but cannot modify or delete records.
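The three scenarios above, and the PostgreSQL GRANT/REVOKE and Row-Level Security mechanisms named in the previous section, as one added PostgreSQL example that is not part of the original page. Schema, table and role names (staging, production, developer, analyst, tenant_user, audit_log_reader, the app.tenant_id session setting) are assumptions made for this example; everything is run by the table owner, assumed to be an administrative role distinct from the application.

```sql
-- Added example, not from the original page: Examples 1-3 in PostgreSQL.
-- Run as the schema owner (an admin role, not the application). Names are assumed.

------------------------------------------------------------------
-- Example 2: developers write to staging, analysts only read production.
-- Nobody can DROP: DROP requires ownership, which is never granted to a group role.
------------------------------------------------------------------
CREATE SCHEMA IF NOT EXISTS staging;
CREATE SCHEMA IF NOT EXISTS production;
CREATE TABLE IF NOT EXISTS staging.orders       (id serial PRIMARY KEY, amount numeric);
CREATE TABLE IF NOT EXISTS production.orders    (id serial PRIMARY KEY, amount numeric);
CREATE TABLE IF NOT EXISTS production.customers (id serial PRIMARY KEY, name text, email text);

-- Group roles are NOLOGIN: people and services get LOGIN roles and become members.
CREATE ROLE developer NOLOGIN;
CREATE ROLE analyst   NOLOGIN;

GRANT USAGE ON SCHEMA staging TO developer;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA staging TO developer;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA staging TO developer;

GRANT USAGE ON SCHEMA production TO analyst;
GRANT SELECT ON production.orders TO analyst;
-- Column-level grant: the analyst may read customers but never the personal-data column.
-- A plain SELECT * on production.customers is refused for the analyst; SELECT id, name works.
GRANT SELECT (id, name) ON production.customers TO analyst;

-- Tables this owner creates later keep the same split; without this, each new table starts ungranted.
ALTER DEFAULT PRIVILEGES IN SCHEMA staging    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO developer;
ALTER DEFAULT PRIVILEGES IN SCHEMA production GRANT SELECT ON TABLES TO analyst;

CREATE ROLE alice LOGIN PASSWORD 'placeholder-change-me' IN ROLE analyst;
CREATE ROLE bob   LOGIN PASSWORD 'placeholder-change-me' IN ROLE developer;

------------------------------------------------------------------
-- Example 1: multi-tenant SaaS with RLS. Every row carries tenant_id; the application
-- sets the tenant for its transaction in a custom setting app.tenant_id (an assumed
-- naming convention, not a PostgreSQL built-in).
------------------------------------------------------------------
CREATE TABLE IF NOT EXISTS production.documents (
  id        serial PRIMARY KEY,
  tenant_id int  NOT NULL,
  title     text NOT NULL
);
-- Constructed sample rows for two tenants, inserted by the owner before RLS is forced.
INSERT INTO production.documents (tenant_id, title)
VALUES (1, 'tenant 1 invoice'), (2, 'tenant 2 contract');

CREATE ROLE tenant_user NOLOGIN;
GRANT USAGE ON SCHEMA production TO tenant_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON production.documents TO tenant_user;
GRANT USAGE, SELECT ON SEQUENCE production.documents_id_seq TO tenant_user;

ALTER TABLE production.documents ENABLE ROW LEVEL SECURITY;
-- FORCE makes the table owner subject to the policies as well; only superusers and
-- BYPASSRLS roles still see everything. The owner now needs its own policy to read rows.
ALTER TABLE production.documents FORCE ROW LEVEL SECURITY;

-- USING filters reads, updates and deletes; WITH CHECK rejects writes tagged with another tenant.
-- The 'true' argument turns an unset setting into NULL and NULLIF covers a RESET one (empty
-- string), so a session that never set a tenant matches no rows instead of raising an error.
CREATE POLICY tenant_isolation ON production.documents
  FOR ALL TO tenant_user
  USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::int)
  WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::int);

-- The application connects as a member of tenant_user and scopes each transaction, e.g.
--   BEGIN; SET LOCAL app.tenant_id = '1'; SELECT * FROM production.documents; COMMIT;
CREATE ROLE app LOGIN PASSWORD 'placeholder-change-me' IN ROLE tenant_user;

------------------------------------------------------------------
-- Example 3: audit_log_reader can read the audit log and neither modify nor delete it.
------------------------------------------------------------------
CREATE TABLE IF NOT EXISTS production.audit_log (
  id     bigserial   PRIMARY KEY,
  at     timestamptz NOT NULL DEFAULT now(),
  actor  text        NOT NULL,
  action text        NOT NULL
);
CREATE ROLE audit_log_reader NOLOGIN;
GRANT USAGE ON SCHEMA production TO audit_log_reader;
GRANT SELECT ON production.audit_log TO audit_log_reader;
-- UPDATE, DELETE and TRUNCATE are simply never granted; DROP would need ownership.

-- Verify the outcome without logging in as each role: every value here should be false.
SELECT has_column_privilege('analyst',          'production.customers', 'email', 'SELECT') AS analyst_reads_email,
       has_table_privilege ('developer',        'production.orders',    'INSERT')          AS developer_writes_prod,
       has_table_privilege ('audit_log_reader', 'production.audit_log', 'DELETE')          AS auditor_deletes_log;
```

Two design points matter in practice. The tenant id is whatever the application puts in `app.tenant_id`, so the policy is only as trustworthy as the code that sets it: derive it from the authenticated session, never from a request parameter, and use `SET LOCAL` inside the transaction so that a pooled connection does not carry one tenant's value into the next borrower's queries. And because the policy is attached `TO tenant_user` only, any other role that is not a superuser gets the default-deny behaviour once RLS is forced, which is the safe failure mode.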

Common mistakes

  • Mistake 1: using a single database user (root/admin) for the entire application — any application vulnerability gives full DB access.
  • Mistake 2: not revoking access when a developer leaves the team — 30% of internal security breaches involve former employees (IBM X-Force 2023).
  • Mistake 3: granting GRANT ALL PRIVILEGES instead of defining specific roles — the least privilege principle is ignored.
  • Mistake 4: not auditing who accesses what — without an audit log, you can't detect unauthorized access.
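The four mistakes above as an added PostgreSQL example (not from the original page), each weak form shown beside its corrected one. Schema, table and role names (shop, app_rw, app_svc, dev_departing) are assumptions; the logging settings and catalog views used are standard PostgreSQL.

```sql
-- Added example, not from the original page: the four mistakes above in PostgreSQL.
-- Run as an administrative role. Object and role names are assumed.

-- Mistakes 1 and 3 (weak): the application connects as the superuser, or as a role that was
-- handed GRANT ALL. Any injection or bug in the application then inherits all of it.
--   ALTER ROLE app SUPERUSER;                                     -- worst case
--   GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO app;   -- still far too broad

-- Corrected: a dedicated application role holding only the statements the code actually issues.
CREATE SCHEMA IF NOT EXISTS shop;
CREATE TABLE IF NOT EXISTS shop.orders   (id serial PRIMARY KEY, amount numeric);
CREATE TABLE IF NOT EXISTS shop.settings (key text PRIMARY KEY, value text);

CREATE ROLE app_rw NOLOGIN;
GRANT USAGE ON SCHEMA shop TO app_rw;
GRANT SELECT, INSERT, UPDATE ON shop.orders TO app_rw;     -- the app never deletes orders
GRANT SELECT ON shop.settings TO app_rw;                   -- and only reads settings
GRANT USAGE, SELECT ON SEQUENCE shop.orders_id_seq TO app_rw;

-- The login role the service uses: no superuser, cannot create databases or roles.
CREATE ROLE app_svc LOGIN PASSWORD 'placeholder-change-me'
  NOSUPERUSER NOCREATEDB NOCREATEROLE IN ROLE app_rw;
-- On PostgreSQL releases before 15 every role may CREATE in schema public by default;
-- take that away so a leaked credential cannot plant objects there.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Mistake 2 (weak): a developer leaves and their LOGIN role simply stays valid.
-- Corrected offboarding, in order: block new logins, end live sessions, move ownership to the
-- team, drop remaining grants, drop the role. DROP ROLE fails while the role still owns objects
-- or holds grants, which is why REASSIGN OWNED and DROP OWNED come first. Both act on the
-- current database only, so repeat them in every database the person had objects in.
CREATE ROLE dev_departing LOGIN PASSWORD 'placeholder-change-me' IN ROLE app_rw;  -- constructed leaver
ALTER ROLE dev_departing NOLOGIN;
SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE usename = 'dev_departing';
REASSIGN OWNED BY dev_departing TO app_rw;
DROP OWNED BY dev_departing;
DROP ROLE dev_departing;

-- Mistake 4 (weak): nothing is logged, so nobody can say who connected or changed the schema.
-- Corrected: record connections and DDL with the server's own settings (superuser; reload needed).
ALTER SYSTEM SET log_connections = on;
ALTER SYSTEM SET log_disconnections = on;
ALTER SYSTEM SET log_statement = 'ddl';   -- 'all' records every query, at a cost in log volume
SELECT pg_reload_conf();

-- Periodic access review: who holds which table grants? A grantee that should have been
-- offboarded showing up here is a finding. information_schema lists grants made by or to roles
-- enabled in the current session, so run this as the admin that issued the grants.
SELECT grantee, table_schema, table_name,
       string_agg(privilege_type, ',' ORDER BY privilege_type) AS privileges
  FROM information_schema.table_privileges
 WHERE grantee <> 'PUBLIC'
   AND table_schema NOT IN ('pg_catalog', 'information_schema')
 GROUP BY grantee, table_schema, table_name
 ORDER BY grantee, table_schema, table_name;
```

If the application has distinct workloads (a transactional path and a reporting path, for instance), give each its own login role and group, so that a compromise of the reporting credentials cannot write orders. The review query pairs naturally with the audit log from the previous section: the log answers "who accessed what", the query answers "who could".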

How 4database.net helps you

  • 4database.net has integrated granular RBAC: create custom roles (developer, analyst, ops) with permissions at table or column level.
  • Row-Level Security (RLS) available on managed PostgreSQL — isolate data per tenant, per department or per user.
  • Complete audit log: every query, every login, every schema change is recorded with user, timestamp and IP.
  • Instant revocation: deactivate a user's access with one click, without restarting the database.
  • Automatic alert on unauthorized access attempts (failed logins, queries on restricted tables).

See also