Data Management (DMS) provides various resource roles as described in the following table.

Instance owner
  Description
    • Each instance has only one owner.
    • For an ApsaraDB instance, the default instance owner is the Alibaba Cloud account that is used to create the ApsaraDB instance.
    • For a database instance that is not an ApsaraDB instance, the default instance owner is the Alibaba Cloud account or RAM user that is used to add the database instance to DMS.
    • DMS administrators or the owner of an instance can transfer the ownership of the instance to another user under the current DMS tenant.
  Permissions
    • The owner of an instance can manage permissions on the instance, for example, grant or revoke permissions on the instance.
    • The owner of an instance can query all the data in the databases of the instance, except for data in sensitive or confidential fields. The owner can also submit tickets to perform operations on data and schemas in the instance without applying for permissions first.

Database owner
  Description
    • Each database has up to three owners. When the data dictionary of a database is synchronized for the first time, the database administrator (DBA) of the instance to which the database belongs automatically becomes an owner of the database.
    • DBAs, DMS administrators, and owners of a database can add or remove an owner of the database, or transfer the ownership of the database from an existing owner to another user.
    • A DMS user can submit a ticket to apply to be a database owner.
  Permissions
    • The owner of a database can manage permissions on the database, for example, grant or revoke permissions on the database or the tables in the database.
    • The owner of a database can query all the data in the database, except for data in sensitive or confidential fields. The owner can also submit tickets to perform operations on data and schemas in the database without applying for permissions first.
    • Database owners are automatically identified by the system and then assigned to the owner nodes in approval processes.

Table owner
  Description
    • Each table has up to three owners. By default, the owners of a table are the owners of the database to which the table belongs.
    • DBAs, DMS administrators, and owners of a table can add or remove an owner of the table, or transfer the ownership of the table from an existing owner to another user.
    • A DMS user can submit a ticket to apply to be a table owner.
  Permissions
    • The owner of a table can manage permissions on the table, for example, grant or revoke permissions on the table.
    • The owner of a table can query all the data in the table, except for data in sensitive or confidential fields.

DBA
  Description
    • Each instance has only one DBA.
    • DBAs and DMS administrators can manage instance DBAs.
  Permissions
    • The DBA of an instance can view user permissions on the instance, and grant or revoke permissions on the databases and tables in the instance.
    • The DBA of an instance can query all the data in the databases of the instance, except for data in sensitive or confidential fields. The DBA can also submit tickets to perform operations on data and schemas in the instance without applying for permissions first.
    • Instance DBAs are automatically identified by the system and then assigned to the DBA nodes in approval processes.

Note: For more information about how to apply for and manage resource roles, see Permission management.