Access Control
VeloDB Cloud has three independent access control layers. Each covers a different entry point into the system.
| Layer | Who it's for | Where to manage |
|---|---|---|
| Users and Roles | Applications, BI tools, and SQL clients that connect to a warehouse over MySQL or JDBC | Users and Roles |
| Members | Teammates who need access to the VeloDB Cloud console | Members |
| API Keys | Programmatic access to the VeloDB Cloud management API | API Keys |
Which one do you need?
Users and Roles manages database-level identities — the accounts your data pipelines and BI dashboards use to run queries. These credentials appear in your connection string.
Members manages console-level identities — the people you invite to your organization. A member's role (Organization Admin, Warehouse Admin, Warehouse Viewer) controls what they can see and do in the console, not what SQL they can run.
API Keys are for scripts and automation that call the VeloDB Cloud management API — for example, to create warehouses, pause clusters, or pull metrics programmatically. API keys are separate from both database credentials and console accounts.
A person who needs both console access and SQL access needs to be added as a Member and have a database user created for them. The two systems do not share credentials.