Q: Is Mode cloud-based or on-premise?
Mode is a cloud-based web service that runs on top of Amazon Web Services. Mode doesn’t offer a packaged on-premise solution at this time.
Q: Does Mode require me to store my database in the cloud?
No. Mode provides a web-based interface for running ad-hoc queries and reporting. Your database continues to live in your data center and the queries run on your servers.
Q: How does Mode access my databases?
Mode uses an installable application (“the bridge connector”) to coordinate communication between Mode and your databases. In order for the the bridge connector to work, it must be installed on a computer that has access to the database you wish to query. Accordingly, the bridge connector is typically installed on a desktop computer with VPN access or a server behind the corporate firewall.
Q: Where are the results of a user’s query stored
After a query is run, the bridge connector sends the results back to our API where they are stored with server-side encryption and sent to the user’s web browser for display. They remain stored for reporting, sharing, and auditing. Stored results can be deleted by contacting Mode support.
Q: Does Bridge use Transport Encryption?
Yes. All communication between the Bridge and Mode is encrypted using modern ciphers and cryptographic systems.
Q: What user does the bridge connector use to access the database?
The bridge connector relies on a shared user account to run all queries. When configuring the bridge connector we recommend that you create a read-only user according to your database vendor’s instructions. For additional auditing, the bridge connector adds tags to each query with the Mode username of the user running the query and a unique report run token that can be used to identify the exact dataset that was returned. This information will appear in your database systems logs, so you will still be able to easily identify individual users’ actions.
Q: What data does the bridge connector have access to?
The bridge connector relies on the database to enforce data access permissions. Mode recommends using a database system that supports column-level access controls.
Q: Can users execute arbitrary queries?
Mode doesn’t analyze queries or transform them in any significant way. This means that a user can run any query they want against the database. We rely on the database system’s access control to make sure that users cannot run queries that they aren’t authorized to run.
Q: How is access to query results and reports controlled?
Permission to access stored query results is controlled at the database connection level: users can only view query results that come from databases to which they have access. Administrators of organizations can grant or revoke a user’s access to any connected database from the admin tools section. More granular permissions options for administrators are on the roadmap.
Q: How can I keep track of the queries that users are running?
Mode allows for much more comprehensive auditability than traditional tools:
- Administrators of a Mode organization have the ability to view all of the queries and results that the organization’s members run.
- Mode inserts comments into every query that include the Mode username and unique query token for every query it runs. These will show up in your database system logs.
Q: What ports does Bridge use to connect to Mode?
Bridge makes outbound TCP connections on
Last Updated September 19, 2015