When you configure a data migration task, you must specify the accounts of the source and destination databases. The database accounts are used for data migration. Different databases and migration types require different permissions. You must create and authorize database accounts before you configure a data migration task.

Permissions required for the source database account

Database Required permissions Topics about how to create and authorize a database account
ApsaraDB RDS for MySQL The read permissions on the objects to be migrated Create an account on an ApsaraDB RDS for MySQL instance and Modify the permissions of a standard account for an ApsaraDB RDS for MySQL instance
PolarDB for MySQL The read permissions on the objects to be migrated Create database accounts
PolarDB O Edition A privileged account Create database accounts
Self-managed MySQL database
  • Schema migration: the SELECT permission on the objects to be migrated
  • Full data migration: the SELECT permission on the objects to be migrated
  • Incremental data migration: the SELECT permission on the objects to be migrated, the REPLICATION SLAVE permission, the REPLICATION CLIENT permission, and the SHOW VIEW permission
For more information, see Create an account for a user-created MySQL database and configure binary logging.
ApsaraDB RDS for MariaDB TX The read permissions on the objects to be migrated For more information, see Create a database and account on an ApsaraDB RDS for MariaDB instance.
ApsaraDB RDS for SQL Server
  • Schema migration: the SELECT permission on the objects to be migrated
  • Full data migration: the SELECT permission on the objects to be migrated
  • Incremental data migration: the owner permission on the object to be migrated
    Note A privileged account has the required permissions.
For more information, see Create an account for an ApsaraDB RDS SQL Server instance.
Self-managed SQL Server database
  • Schema migration: the SELECT permission on the objects to be migrated
  • Full data migration: the SELECT permission on the objects to be migrated
  • Incremental data migration: the permissions of the sysadmin role
For more information, see CREATE USER.
ApsaraDB RDS for PostgreSQL
  • Schema migration: the USAGE permission on pg_catalog
  • Full data migration: the SELECT permission on the objects to be migrated
  • Incremental data migration: a privileged account
    Note If the source database runs on an ApsaraDB RDS for PostgreSQL instance V9.4 and you migrate only DML operations, the database account must have the REPLICATION permission.
For more information, see Create an account for an ApsaraDB RDS for PostgreSQL instance.
Self-managed PostgreSQL database
  • Schema migration: the USAGE permission on pg_catalog.
  • Full data migration: the SELECT permission on the objects to be migrated
  • Incremental data migration: the permissions of the superuser role
For more information, see CREATE USER and GRANT.
Self-managed Oracle database
  • Schema migration: the permissions of the schema owner
  • Full data migration: the permissions of the schema owner
  • Incremental data migration: the DBA permission
For more information, see CREATE USER and GRANT.
Notice If you need to migrate incremental data from an Oracle database but the DBA permission cannot be granted to the database account, you can grant fine-grained permissions to the account. For more information, see Migrate data from a self-managed Oracle database to an AnalyticDB for PostgreSQL instance.
ApsaraDB for MongoDB
  • Full data migration: the read permissions on the source database
  • Incremental data migration: the read permissions on the source database, the admin database, and the local database
For more information, see Manage user permissions on MongoDB databases.
Self-managed MongoDB database
  • Full data migration: the read permissions on the source database
  • Incremental data migration: the read permissions on the source database, the admin database, and the local database
For more information, see db.createUser().
Self-managed Redis database The PSYNC or SYNC command can be executed on the source Redis database. None
Self-managed TiDB database The SELECT permission on the objects to be migrated and the SHOW VIEW permission For more information, see Privilege Management.
Self-managed Db2 database
  • Schema migration: the SELECT permission on the objects to be migrated and the CONNECT permission
  • Full data migration: the SELECT permission on the objects to be migrated and the CONNECT permission
  • Incremental data migration: the DBADM permission
For more information, see Creating group and user IDs for a Db2 database installation and Authorities overview.

Permissions required for the destination database account

Database Required permissions Topics about how to create and authorize a database account
ApsaraDB RDS for MySQL The read and write permissions on the destination database For more information, see Create an account on an ApsaraDB RDS for MySQL instance and Modify the permissions of a standard account for an ApsaraDB RDS for MySQL instance
PolarDB for MySQL The read and write permissions on the destination database For more information, see Create database accounts.
Self-managed MySQL database The ALL permission on the destination database For more information, see Create an account for a user-created MySQL database and configure binary logging.

AnalyticDB for MySQL

  • Version 2.0: DTS automatically creates a database account and grants permissions to the account. You do not need to specify the database account.
  • Version 3.0: The read and write permissions are required.
Version 3.0: For more information, see Create a database account.
DRDS The read and write permissions on the destination database For more information, see Manage database accounts.
ApsaraDB RDS for MariaDB TX The read and write permissions on the destination database For more information, see Create a database and account on an ApsaraDB RDS for MariaDB instance.
ApsaraDB RDS for SQL Server The read and write permissions on the destination database For more information, see Create an account for an ApsaraDB RDS SQL Server instance.
Self-managed SQL Server database The ALL permission on the destination database For more information, see CREATE USER.
ApsaraDB RDS for PostgreSQL
  • Schema migration: the CREATE and USAGE permissions on the migrated objects
  • Full data migration: the permissions of the schema owner
  • Incremental data migration: the permissions of the schema owner
For more information, see Create an account for an ApsaraDB RDS for PostgreSQL instance.
Self-managed PostgreSQL database The ALL permission on the destination database For more information, see CREATE USER and GRANT.
PolarDB O Edition cluster The permissions of the schema owner For more information, see Create database accounts.
Self-managed Oracle database The permissions of the schema owner For more information, see CREATE USER and GRANT.
ApsaraDB for MongoDB The dbAdminAnyDatabase permission, the read and write permissions on the destination database, and the read permissions on the local database For more information, see Manage user permissions on MongoDB databases.
Self-managed MongoDB database The read and write permissions on the destination database and the read permissions on the local database For more information, see db.createUser().
ApsaraDB for Redis If you use the instance password, no authorization is required. None
If you use a custom account, the read and write permissions are required. For more information, see Manage database accounts.
Self-managed Redis database The database password must be valid. None