When you configure a data migration task, you must specify the accounts of the source and destination databases. The database accounts are used for data migration. Different databases and migration types require different permissions. You must create and authorize database accounts before you configure a data migration task.

Permissions required for the source database account

Database Required permission Topics about how to create and authorize a database account
ApsaraDB RDS for MySQL The read permission on the objects to be migrated. For more information, see Create an account on an ApsaraDB RDS for MySQL instance and Modify the permissions of a standard account for an ApsaraDB RDS for MySQL instance.
PolarDB for MySQL The read permission on the objects to be migrated. For more information, see Create database accounts.
User-created MySQL database
  • Schema migration: the SELECT permission on the objects to be migrated.
  • Full data migration: the SELECT permission on the objects to be migrated.
  • Incremental data migration: the SELECT permission on the objects to be migrated, the REPLICATION SLAVE permission, the REPLICATION CLIENT permission, and the SHOW VIEW permission.
For more information, see Create an account for a user-created MySQL database and configure binary logging.
ApsaraDB RDS for MariaDB The read permission on the objects to be migrated. For more information, see Create a database and account on an ApsaraDB RDS for MariaDB instance.
ApsaraDB RDS for SQL Server The owner permission on the object to be migrated. For more information, see Create an account for an ApsaraDB RDS SQL Server instance.
User-created SQL Server database
  • Schema migration: the SELECT permission on the objects to be migrated.
  • Full data migration: the SELECT permission on the objects to be migrated.
  • Incremental data migration: the sysadmin permission.
For more information, see CREATE USER.
ApsaraDB RDS for PostgreSQL
  • Schema migration: the CREATE and USAGE permissions on the objects to be migrated.
  • Full data migration: the owner permission on schemas.
  • Incremental data migration: the owner permission on schemas.
For more information, see Create an account for an ApsaraDB RDS for PostgreSQL instance.
User-created PostgreSQL database
  • Schema migration: the USAGE permission on pg_catalog.
  • Full data migration: the SELECT permission on the objects to be migrated.
  • Incremental data migration: the superuser permission.
For more information, see CREATE USER and GRANT.
User-created Oracle database
  • Schema migration: the owner permission on schemas.
  • Full data migration: the owner permission on schemas.
  • Incremental data migration: the DBA permission.
For more information, see CREATE USER and GRANT.
Notice If you need to migrate incremental data from an Oracle database but the DBA permission cannot be granted to the database account, you can grant fine-grained permissions to the account.
ApsaraDB for MongoDB
  • Full data migration: the read permission on the source database.
  • Full data migration: the read permission on the source database, admin database, and local database.
For more information, see Manage MongoDB users though DMS.
User-created MongoDB database
  • Full data migration: the read permission on the source database.
  • Full data migration: the read permission on the source database, admin database, and local database.
For more information, see db.createUser().
User-created Redis database The PSYNC or SYNC command can be run on the user-created Redis database. None
User-created TiDB database The SELECT permission on the objects to be migrated and the SHOW VIEW permission. For more information, see Privilege Management
User-created Db2 database
  • Schema migration: the SELECT permission on the objects to be migrated and the CONNECT permission.
  • Full data migration: the SELECT permission on the objects to be migrated and the CONNECT permission.
  • Incremental data migration: the DBADM permission.
For more information, see Creating group and user IDs for a Db2 database installation and Authorities overview.

Permissions required for the destination database account

Database Required permission Topics about how to create and authorize a database account
ApsaraDB RDS for MySQL The read and write permissions on the destination database. For more information, see Create an account on an ApsaraDB RDS for MySQL instance and Modify the permissions of a standard account for an ApsaraDB RDS for MySQL instance.
PolarDB for MySQL The read and write permissions on the destination database. For more information, see Create database accounts.
User-created MySQL database The ALL permission on the destination database. For more information, see Create an account for a user-created MySQL database and configure binary logging.

AnalyticDB for MySQL

  • Version 2.0: DTS automatically creates a database account and grants permissions to the account. You do not need to specify the database account.
  • Version 3.0: The read and write permissions are required.
Version 3.0: For more information, see Create a database account.
DRDS The read and write permissions on the destination database. For more information, see manage accounts.
ApsaraDB RDS for MariaDB The read and write permissions on the destination database. For more information, see Create a database and account on an ApsaraDB RDS for MariaDB instance.
ApsaraDB RDS for SQL Server The read and write permissions on the destination database. For more information, see Create an account for an ApsaraDB RDS SQL Server instance.
User-created SQL Server database The ALL permission on the destination database. For more information, see CREATE USER.
ApsaraDB RDS for PostgreSQL
  • Schema migration: the CREATE and USAGE permissions on the migrated objects.
  • Full data migration: the owner permission on schemas.
  • Incremental data migration: the owner permission on schemas.
For more information, see Create an account for an ApsaraDB RDS for PostgreSQL instance.
User-created PostgreSQL database The ALL permission on the destination database. For more information, see CREATE USER and GRANT.
PolarDB-O cluster The owner permission on schemas. For more information, see Create database accounts.
User-created Oracle database The owner permission on schemas. For more information, see CREATE USER and GRANT.
ApsaraDB for MongoDB The read and write permissions on the destination database. For more information, see Manage MongoDB users though DMS.
User-created MongoDB database The read and write permissions on the destination database. For more information, see db.createUser().
ApsaraDB for Redis If you use the instance password, no authorization is required. None
If you use a custom account, the read and write permissions are required. For more information, see Manage database accounts.
User-created Redis database The database password must be valid. None