System roles - Product Introduction| Alibaba Cloud Documentation Center

Data Management (DMS) provides various system roles as described in the following table.


Role	Description	Permissions
Common user	Common users can perform operations on databases, for example, query and change data, or view and change schemas. Common users can be R&D staff, testers, product staff, operations staff, or data analysts of enterprises.	By default, a RAM user that is added to a DMS tenant assumes the common user role. Common users cannot use the System Management feature in the DMS console. Namely, System Management is not displayed in the top navigation bar of the DMS console. To execute SQL statements in the SQLConsole or use the Data Plans feature, common users must apply for the required permissions first.
Security administrator	Security administrators can perform operations such as determining the security levels of fields and auditing user operations. Security administrators can be internal auditors or security administrators of enterprises.	In addition to all the features that are available for common users, security administrators can also use the Operation Logs, Sensitive Data, and Data Protection features.
Database administrator (DBA)	DBAs are responsible for database management, including managing database instances, database development standards and processes, and task execution. DBAs in DMS can be DBAs or operations and maintenance (O&M) staff of enterprises.	In addition to all the features that are available for common users, DBAs can also use all the system management features except for the Data Protection and User features.
DMS administrator	The DMS administrator role is automatically assigned to the Alibaba Cloud account that is used to create a DMS tenant. The DMS administrator role of this account cannot be revoked. The DMS administrator role can be assigned to any user under a DMS tenant, such as a RAM user or another Alibaba Cloud account that is added to the current DMS tenant. The number of DMS administrators under a DMS tenant is not limited. DMS administrators are assigned to the admin approval nodes in approval processes.	Only DMS administrators can use the User feature. DMS administrators can use all the features of DMS except for the Data Protection feature.

Note For more information about how to assign system roles to DMS users, see User management.