Hologres allows you to manage IP address whitelists for your databases to control the access permissions on the databases. This ensures secure and stable operations in Hologres. This topic describes how to manage an IP address whitelist in the HoloWeb console.

Usage notes

When you manage an IP address whitelist in the HoloWeb console, take note of the following rules:
  • Only Hologres V0.10.14 and later support the IP address whitelist feature. You can view the version of your Hologres instance on the instance details page in the Hologres console or by running the select hg_version() command. If the version of your Hologres instance is earlier than V0.10.14, you can submit a ticket or join the Hologres DingTalk group for technical support.
  • After you purchase an instance, if you do not configure an IP address whitelist, the databases in the instance can be accessed by using all types of networks. For more information about how to purchase an instance, see Purchase a Hologres instance.
  • To manage an IP address whitelist, you must be a superuser of your Hologres instance.
  • To manage an IP address whitelist for an instance in the HoloWeb console, you must set the Logon Method parameter to Password-free Logon when you create a connection to the instance. For more information about how to create a connection to a Hologres instance, see HoloWeb quick start. Password-free Logon

Create an IP address whitelist

  1. Log on to the Hologres console. In the top navigation bar, select a region.
  2. In the left-side navigation pane, click Instances. On the Hologres Instances page, click Go to HoloWeb to go to the HoloWeb console.
  3. In the top navigation bar of the HoloWeb console, click Security Center. In the left-side navigation pane of the Security Center tab, click IP Address Whitelist.
  4. In the upper-right corner, click Add IP Address to Whitelist. In the dialog box that appears, set the parameters as required.
    Add IP Address to Whitelist
    Parameter Description
    Group The group name for the IP address whitelist.

    If you set the Logon Method parameter to Password-free Logon when you create the current connection, you must add users to the HologresConsoleGroup and HoloWebGroup preset groups. Otherwise, features in the consoles and the service are unavailable to the users. To add a user to a preset group, select the group from the Group drop-down list and the user from the Users Allowed drop-down list.

    Accessible Databases The databases that can be accessed by the specified users from the specified IP addresses. Select databases from the Accessible Databases drop-down list. To allow access to all the databases in the current Hologres instance, select ALL.
    Users Allowed The users that can access the specified databases from the specified IP addresses. Select users from the Users Allowed drop-down list. To allow access by all the users of the current Hologres instance, select ALL.
    IP Address The IP addresses from which the specified users can access the specified databases. Take note of the following rules:
    • To specify all the IP addresses, enter ALL.
    • You can specify a specific IP address. For example, you can enter 192.168.0.1, which allows the specified users to access the specified databases from 192.168.0.1.
    • You can specify a specific classless inter-domain routing (CIDR) block. For example, you can enter 192.168.0.0/24, which allows the specified users to access the specified databases from an IP address within the range of 192.168.0.1 to 192.168.0.255.
    • To specify multiple IP addresses, start a new line for each IP address.
  5. Click OK. After you create an IP address whitelist, you allow the specified users to perform operations on the specified databases from the specified IP addresses.

Modify an IP address whitelist

After an IP address whitelist is created, you can modify only the IP addresses in the whitelist. To modify the authorized users and databases, you must create another IP address whitelist.
Note To modify an IP address whitelist, you must be a superuser of your Hologres instance.
  1. In the top navigation bar of the HoloWeb console, click Security Center. In the left-side navigation pane of the Security Center tab, click IP Address Whitelist.
  2. On the IP Address Whitelist page, find the whitelist that you want to modify and click Edit.
  3. In the Edit IP Address in Whitelist dialog box, modify the IP addresses. For more information about how to specify IP addresses for a whitelist, see Create an IP address whitelist.
  4. Click OK.

Delete an IP address whitelist

If you no longer need an IP address whitelist that you created, you can delete the whitelist. After you delete all the IP address whitelists for a connection, no whitelist is available for the relevant instance and databases.
Note To delete an IP address whitelist, you must be a superuser of your Hologres instance.
  1. In the top navigation bar of the HoloWeb console, click Security Center. In the left-side navigation pane of the Security Center tab, click IP Address Whitelist.
  2. On the IP Address Whitelist page, find the whitelist that you want to delete and click Delete.
  3. In the message that appears, click OK.