Admin Preference Restrictions

Table of contents

• Overview
• Modifying the DBeaver configuration file
• Using Windows Registry
  • Configuration options
    • Registry and configuration file parameters
    • Configuration file parameters
    • Master password policy settings

Overview

This guide outlines the steps for enhancing security and control in DBeaver by restricting specific functionalities.

For Windows, Mac, and Linux, restrictions in the dbeaver.ini file can be implemented, while Windows users can also leverage the Registry for additional control.

Tip: Detailed instructions on finding dbeaver.ini are available in our article.

Follow the appropriate steps based on your operating system and preference.

Modifying the DBeaver configuration file

1. Navigate to the directory containing the dbeaver.ini file.
2. Use a text editor to open the configuration file.
3. Locate the -vmargs line within the file.
4. Add the desired settings from the Configuration options, ensuring each setting is preceded by -D (for instance -Dpolicy.data.export.disabled = true) and placed below the -vmargs line.
5. Save the edited file.
6. Restart DBeaver to apply changes.

Using Windows Registry

1. Open the Registry Editor by typing regedit in the Run dialog (Win + R).
2. Navigate to the following path in the Registry: HKEY_CURRENT_USER\Software\DBeaver Corp\DBeaver\policy
3. Create a new value for each setting, from the Configuration options based on desired restrictions.
4. Exit the Registry Editor and restart DBeaver to apply the changes.

Important: Editing the Windows Registry can significantly affect your system. Always make sure to back up the registry before making any changes. For more information on how to work with the Windows Registry, refer to the Microsoft Documentation on Registry Editing.

Configuration options

This section consolidates the configuration options, applicable through Windows Registry keys and as settings in the DBeaver configuration file.

Registry and configuration file parameters

This section outlines the parameters that can be configured either through the Windows Registry or directly in the dbeaver.ini.

Registry key/Variable Name	Type	Default value	Allowed values	Description
policy.data.export.disabled	DWORD/Boolean	0/false	0/false, 1/true	Restricts ability to export data from databases.
policy.software.install.disabled	DWORD/Boolean	0/false	0/false, 1/true	Blocks ability to install new software and access the Eclipse marketplace.
policy.software.update.disabled	DWORD/Boolean	0/false	0/false, 1/true	Prevents ability to check for DBeaver updates.
connection.credentials.save.restricted	DWORD/Boolean	0/false	0/false, 1/true	Disables the ability to save database credentials across all user profiles.

Configuration file parameters

This section details the parameters that can be set only in the dbeaver.ini.

Variable Name	Default Value	Allowed Values	Description
dbeaver.disable.secure.masking	false	false, true	Disables the masking of sensitive information in log files.

Master password policy settings

Registry key/Variable Name	Type	Default value	Allowed values	Description
policy.master.password.disable	DWORD/Boolean	1/true	0/false, 1/true	Disables the requirement for a master password.
policy.master.password.policy	REG_SZ/String	{"minLength": 8, "minLetterCount": 1, "minNumberCount": 1, "minSymbolCount": 0, "requireMixedCase": true}	{"minLength": int, "minLetterCount": int, "minNumberCount": int, "minSymbolCount": int, "requireMixedCase": boolean}	Specifies the master password policy configuration. This is an optional setting, applicable only when the policy.master.password.disable policy is enabled. minLength sets the minimum length, minLetterCount determines the minimum number of letters, minNumberCount establishes the minimum number of digits, minSymbolCount sets the minimum number of symbols, requireMixedCase sets if mixed case letters are required.