All Products
Document Center

Function-role matrix

Last Updated: May 08, 2020

System management roles

Data Management Service (DMS) provides various system management roles as described in the following table.

Role Description Permission
Common user
  • Common users can query and modify data and schemas of databases.
  • You can assign this role to R&D engineers, test engineers, product designers, O&M engineers, and data analysts.
  • By default, RAM users under an Alibaba Cloud account are common users.
  • The System Management menu of the DMS console is unavailable to common users.
  • Common users can access the menu items of the SQLConsole and Data Plans menus of the DMS console only after being granted the required permissions.
Security administrator
  • Security administrators can audit operations and set security levels for fields.
  • You can assign this role to internal auditors and security administrators of your enterprise.
In addition to the permissions of common users, security administrators can manage operations logs and sensitive data and use the data protection feature.
  • Database administrators (DBAs) can manage database instances, determine R&D specifications and processes, and run tasks.
  • You can assign this role to database administrators and O&M engineers of your enterprise.
In addition to the permissions of common users, DBAs have the access to all system management features except for data protection and user management.
DMS administrator
  • By default, the Alibaba Cloud account of the current tenant assumes the role of DMS administrator. You are not allowed to remove this role from the Alibaba Cloud account.
  • You can set a RAM user or an Alibaba Cloud account added to the current tenant as a DMS administrator. The number of DMS administrators has no limit.
  • DMS administrators approve the Admin nodes in approval processes.
  • Only DMS administrators can manage users.
  • DMS administrators can use all DMS features except for data protection.

Set system management roles

For more information about how to set roles for system management, see User management.