Just-in-Time Database Access
Grant temporary, audited access to sensitive databases on demand.
Standing access to production databases is one of the most common findings in security reviews. Aurva supports a Just-in-Time (JIT) workflow where access is granted temporarily, fully audited, and automatically revoked.
How it works
- An engineer requests access through your existing approval channel (Slack, ServiceNow, Jira). Aurva integrates with these via Alert Routes configured in reverse — outbound webhooks from approval systems.
- On approval, the requester is granted access for a fixed window (e.g., 30 minutes).
- All queries during the window flow through the Aurva Database Proxy and are tagged with the JIT request ID in the audit trail.
- Aurva's Guardrail policies still apply during the session — blocked queries still produce alerts even when access is approved.
- At the end of the window, access is revoked automatically.
Enabling
JIT access requires Prevention mode and the Aurva Database Proxy in front of the protected asset. See Monitoring Configuration → Enabling Prevention Mode.