System roles - Product Introduction| Alibaba Cloud Documentation Center

Data Management (DMS) provides various system roles as described in the following table.


Role	Description	Permission
Regular user	Regular users can perform operations on databases. For example, they can query and change data, or view and change schemas. Regular users can be the R&D staff, testers, product staff, operations staff, or data analysts of enterprises.	By default, a RAM user that is added to a DMS tenant assumes the regular user role. Regular users cannot use the features of the System module in the DMS console. To execute SQL statements in the SQLConsole or use the features of the Data Plans module, regular users must apply for the required permissions first.
Security administrator	Security administrators can perform operations such as determining the security levels of fields and auditing user operations. Security administrators can be the internal auditors or security administrators of enterprises.	In addition to all the features that are available for regular users, security administrators can also use the Operation Logs, Sensitive Data, and Data Protection features.
Database administrator (DBA)	DBAs are responsible for database management, including managing database instances, database development standards and processes, and task execution. DBAs in DMS can be the DBAs or operations and maintenance (O&M) staff of enterprises.	In addition to all the features that are available for regular users, DBAs can also use all the system management features except for the Data Protection and User features.
DMS administrator	The DMS administrator role is automatically assigned to the Alibaba Cloud account that is used to create a DMS tenant. The DMS administrator role of this account cannot be revoked. You can specify a RAM user or another Alibaba Cloud account that is added to the current DMS tenant as a DMS administrator. No limit is set on the number of DMS administrators within a DMS tenant. DMS administrators are assigned to the Admin approval node of an approval process.	Only DMS administrators can use the User feature. DMS administrators can use all the features of DMS except for the Data Protection feature.
Schema read-only	The schema read-only role is applicable to the staff such as data analysts in enterprises. In DMS, a user who assumes the schema read-only role has permissions to query the metadata of instances, databases, and tables. For example, the user can view the details of a table or export an entire database.	Users who assume the schema read-only role can query the metadata of all instances, databases, and tables, without the need to have query, change, or export permissions on these instances, databases, and tables.

Note For more information about how to assign system roles to DMS users, see Manage users.