All Products
Search
Document Center

Resource management roles

Last Updated: May 08, 2020

Resource management roles

Data Management Service (DMS) provides various resource management roles as described in the following table.

Role Description Permission
Instance owner
  • An instance can have only one owner.
  • For an ApsaraDB database instance, the Alibaba Cloud account that owns the database assumes the role of instance owner by default.
  • For a non-ApsaraDB database instance, the Alibaba Cloud account that or the RAM user who registers the instance assumes the role of instance owner by default.
  • Only DMS administrators and the owner of an instance can change the owner of the instance.

  • Instance owners can manage permissions on their own instances, such as granting or revoking instance permissions.
  • Instance owners can, without application, query data in all databases of their own instances, excluding the sensitive and confidential fields, and submit tickets related to various data plans and schemas of the databases.

  • Database owner
  • A database can have a maximum of three owners. When a database instance is registered and DMS synchronizes the data dictionary of the database for the first time, the database administrator (DBA) of the instance assumes the role of database owner by default.
  • The DBA, DMS administrators, and owners of a database can change, remove, or add an owner for the database.
  • A user can submit a ticket to apply for the role of database owner.

  • Database owners can manage permissions on their own databases, such as granting or revoking database and table permissions.
  • Database owners can, without application, query data in their own databases, excluding the sensitive and confidential fields, and submit tickets related to various data plans and schemas of their databases.
  • Database owners approve the Owner nodes in approval processes. If an approval process contains an Owner node, the system automatically pushes the approval request to the corresponding database owners.
  • Table owner
  • By default, the owners of a database are also the owners of tables in the database. A table can have a maximum of three owners.
  • The DBA, DMS administrators, and owners of a table can change, remove, or add an owner for the table.
  • A user can submit a ticket to apply for the role of table owner.


  • Table owners can manage permissions on their own tables, such as granting or revoking table permissions.
  • Table owners can query data in their own tables without application, excluding the sensitive and confidential fields.
  • DBA   
  • An instance can have only one DBA.
  • DMS administrators and the DBA of a database instance can change the DBA of the database instance.

  • DBAs can manage permissions on all databases of their own instances, such as granting or revoking database and table permissions.
  • DBAs can, without application, query data in all databases of their own instances, excluding the sensitive and confidential fields, and submit tickets related to various data plans and schemas of the databases.
  • DBAs approve the DBA nodes in approval processes. If an approval process contains a DBA node, the system automatically pushes the approval request to the corresponding DBA.


  • For more information about how to apply for and manage roles for resource management, see Manage permissions.