The latest CloudBeaver 21.1.5 2021 09 30

CloudBeaver 21.1.5 – 2021-09-30

  • Objects can be deleted and renamed via UI.
  • SQL Scripts generation is available in the objects’ context menu.
  • Connected and disconnected databases are divided into 2 groups in the SQL Editor.
  • Other UI improvements have been made.

Working with spatial/GIS data

Spatial data is a geometry or geography value that can be represented on a map or a graph. A geometry object consists of a series of points. Please find more details here.

CloudBeaver’s support of spatial data covers the following databases:

  • PostgreSQL (PostGIS)
  • MySQL
  • SQLite (GeoPackage)
  • H2GIS
  • Oracle
  • SQL Server

Spatial data viewer

Data viewer GIS

If you click on an object on the map, the following data (strings, numbers, dates etc.) from every other column in the corresponding row will be displayed.

GIS Object info

SAML authentication

SAML configuration

If your Identity Provider uses SAML (Security Assertion Markup Language), follow this guide.

Enabling SAML authentication

Go to the Administration menu and enable SAML in the Server configuration tab.

Configuring an external identity provider

  1. Go to the Identity Providers tab and create a new configuration using the SAML IdP details.

  • Add details from your SAML IdP into the new configuration in CloudBeaver.
  • Configuring CloudBeaver integration in an external identity provider

    1. Open the created configuration in CloudBeaver and download the metadata file.

  • Go to the SAML IdP website and add the metadata parameters from the file (entityID and Location) to the SSO access settings, assign users and add the attribute mappings according to the SAML IdP requirements.
  • Each identity provider has its own configuration procedure, we will show how to do it in AWS in the next chapter.

    AWS SSO configuration


    1. Go to the Identity Providers tab and create a new configuration using the SAML IdP details as it is described above.

    2. Add details from your SAML IdP into the new configuration in CloudBeaver. 

    Configuration in Amazon Configuration in CloudBeaver
    AWS SSO sign-in URL IDP signon URL
    AWS SSO sign-out URL IDP logout URL
    AWS SSO issuer URL IDP Entity ID
    1. You can upload the metadata file to fill parameters automatically. 

    2. Or you can specify parameters manually:

    Parameter Value
    Application ACS URL https://HOST_NAME/api/saml/CONFIG_ID/acs
    Application SAML audience https://HOST_NAME/api/saml/CONFIG_ID/metadata

    Where HOST_NAME is the host name of your CloudBeaver installation, CONFIG_ID is the identifier of your SAML configuration.


    Attributes explanation:

    Attribute Value Meaning
    Subject ${user:email} User unique identifier (nameId). It is usually an email address. 1800 Session duration in seconds. 1800 (30 minutes) is the default value roleARN, idpARN IAM role identifier

    Role is the most important attribute, it defines which IAM role will be used for user federation session. Role format: roleARN, idpARN. You can get role ARN in AWS IAM section Role ARN looks like this: arn:aws:iam::123678087624:role/RoleForSAMLAccess.

    You can get IDP ARN in AWS identity providers page IDP ARN looks like this: arn:aws:iam::123678087624:saml-provider/GSuiteSAML.

    Testing SAML authentication

    The Federated tab becomes available in the CloudBeaver authentication dialog after creating the configuration. The user can select the configuration and thereafter login into the application using SSO.

    SQL Editor




    SQL Editor supports autocomplete, syntax highlight, statement execution, script execution, and execution plan for some databases.

    SQL Editor


    Shortcut Description
    Ctrl+Enter Execute SQL statement
    Ctrl+\ or Ctrl+Shift+Enter Execute SQL statement in new tab
    Alt+X Execute script
    Shift+Ctrl+E Show exectution plan
    Alt+T Open SQL Editor in separate browser tab

    Statement Execution

    Place the cursor on the line with the statement or select part of the script to execute the statement. Click on the Run icon in the left toolbar or use the Ctrl+Enter shortcut. The result of the statement execution will be shown under the script editor area. Results will be grouped (Result - 1 (1), Result - 1 (2)) if statement execution is finished with more than one result.

    Statement Execution

    Script Execution

    Click on the Script icon in the left toolbar or use the Alt+X shortcut to execute the script. The summary result will be shown in the Statistics tab, and results will be shown in separate Result tabs.

    Script Execution

    The latest CloudBeaver 21.1.3 2021 08 30

    CloudBeaver 21.1.3

    • Table rows can be created and deleted from the Data Editor.
    • It is possible to preview scripts in the Data Editor.
    • The dialog to enter the credentials appears when you test connections.
    • Different UI bugs have been fixed.

    Server configuration

    CloudBeaver offers different settings that allow configuring the server. The administrator can set the Server configuration settings when configuring the app for the first time, or it can be done later in the Administration Menu.

    Server Configuration

    Server information

    Basic settings such as Server name and Session lifetime.


    Custom connections

    Whether users can create connections by themselves or it can be done only from the Administration Menu.

    Navigator simple view

    Defines how the Database navigator structure will look like.
    You can read more about Simple and Advanced mode here.



    Enables AWS Services.

    Authentication settings

    Define different authentication methods.
    You can read more about authentication methods here.


    Save credentials

    Allow saving credentials for the pre-configured database.

    Save users credentials

    Allow saving credentials for non-admin users.

    Value Panel

    The Value panel provides additional space in the Data editor in which you can manipulate data. The panel is handy if you work with complex types (structures, arrays), long text data or BLOBs.

    To open the panel, click the Value button on the right hand side of the Data tab. Alternatively, you can open the Value panel by clicking Show in value panel on a cell context menu.

    To close the panel, click the Value button again.

    Value Panel Buttons

    The Value viewer panel displays just one value that is currently selected or in focus and allows editing.

    At the top of the Value panel, you can find several tabs. The tabs depend on the current value type. For example, if your current value is a string, you will find 4 tabs (Plain text, HTML, XML, JSON), each representing a format the string can be shown in.

    Value Panel Open


    The Administrator can create users for local name/password based authentication in the Administration Menu.

    CloudBeaver CE

    Local user creation

    1. Go to the Users tab of the Administration Menu and press the Add button.
    2. Create a username and password.
    3. Grant a role to the user. It will define the user’s permission (you can find more information about roles at Role management article).
    4. Give connection access to the user in the Connection Access tab if it is necessary.
    5. Press the Create button.

    The created user can be authorized to CloudBeaver using local authentication and has permission according to his profile.

    CloudBeaver EE

    CloudBeaver Enterprise Edition also allows you to configure AWS and SSO users.

    AWS and SSO users

    When a user is authorized to CloudBeaver EE instance with AWS IAM or SAML authentication for the first time, the appropriate user is created in the application with the User role by default. The administrator can change the user’s role after that.
    The creation of new AWS and SSO users is not possible by the Administrator as it only works with real AWS and SSO users.

    CloudBeaver AWS

    CloudBeaver Enterprise Edition for AWS allows you to configure only AWS and SSO users, because it does not have local access and local users cannot be created there.

    User credentials storage


    It is possible to configure CloudBeaver to save database credentials (user names and passwords) in CloudBeaver storage.
    In this case, users won’t need to enter database credentials every time they connect to a database.

    However, the most secure way is to disable this option. See options “Save credentials” and “Save user credentials” in administrator console, page “Server configuration”.

    Credentials storage

    There are two types of database connections: global and user.
    Global connections are managed by CloudBeaver administrators, user connections are managed by users themselves.

    Global database configuration is stored in workspace sub-folder GlobalConfiguration/.dbeaver.
    Database configurations are stored in the file data-sources.json, database credentials are stored in the file credentials-config.json. File credentials-config.json is encrypted by a special key which is stored in CloudBeaver distribution.

    User configuration are stored in workspace sub-folders user-projects/USER_NAME/.dbeaver.

    Potentially, if an intruder/malware software will get access to CloudBeaver server filesystem, then it may get access to all stored user credentials.
    To increase security it is recommended to configure the server to keep workspace on a shared encrypted network folder (e.g. S3, see S3 Server-side encryption).

    Run Docker Container

    CloudBeaver container image is on DockerHub:

    • dbeaver/cloudbeaver:latest – latest release build.
    • dbeaver/cloudbeaver:dev – latest developer build.


    To install the latest version of CloudBeaver use the following script:

    sudo docker pull dbeaver/cloudbeaver:latest


    To run cloudbaver in the terminal:

    sudo docker run --name cloudbeaver --rm -ti -p 8080:8978 -v /var/cloudbeaver/workspace:/opt/cloudbeaver/workspace dbeaver/cloudbeaver:latest

    Then switch to the browser and open http://localhost:8080/

    Daemon mode

    Add the following parameters:

    -d --restart unless-stopped 

    Accessing databases on the localhost

    If you need to access the database server on the host machine, add the following parameter in docker run: (on Linux only)

     --network host

    Cloudbeaver will work in the host machine network.
    If this mode is not suitable for your network environment then you can run the container in the following way:

    export CB_LOCAL_HOST_ADDR=$(ifconfig | grep -E "([0-9]{1,3}\.){3}[0-9]{1,3}" | grep -v | awk '{ print $2 }' | cut -f2 -d: | head -n1)
    docker run --name cloudbeaver --rm -ti -p 8080:8978 --add-host=host.docker.internal:${CB_LOCAL_HOST_ADDR} -v /var/cloudbeaver/workspace:/opt/cloudbeaver/workspace dbeaver/cloudbeaver:dev

    or just run script deploy/docker/
    It passes the IP address of host machine to the container.

    Docker parameters explanation

    Parameters explanation:

    Parameter Explanation
    –name cloudbeaver Assign container ID (cloudbeaver)
    –rm Removes container on stop
    -ti Enables terminal mode (allows to stop container with CTRL+C)
    -p 8080:8978 Maps CloudBeaver public port (8978) to the host machine port (e.g. 8080)
    -v local_path:/opt/cloudbeaver/workspace Mounts local folder `/var/cloudbeaver/workspace’ to the server workspace. Required to keep CloudBeaver data after container restart.
    –add-host=host.docker.internal:IP address Adds host name in the container’s /etc/hosts file. This may be needed to access the database server deployed on the host machine.
    dbeaver/cloudbeaver:latest Container ID