Data Management (DMS) provides the data security protection feature. After you enable this feature for an instance, you can provide authorized users with secure access to the instance. To authorize a user to access an instance by using proxy endpoints, you must be a DMS administrator, a database administrator (DBA), or the owner of data security protection for the instance. This topic describes how to authorize a user to access an instance by using proxy endpoints.

Prerequisites

  • The data security protection feature is enabled for the instance. For more information about how to enable the feature, see Enable the data security protection feature.
    Note To enable the data security protection feature for the instance, you must be a DMS administrator, a DBA, or the owner of the instance.
  • You are a DMS administrator, a DBA, or the owner of data security protection for the instance.
    Note By default, the owner of data security protection for the instance is the user that enables the data security protection feature for the instance. You can view the owner of data security protection for the instance on the Data security protection tab.
  • You are not authorized to access the instance by using the proxy endpoints generated by the data security protection feature.

Authorize a user

  1. Log on to the DMS console. In the left-side navigation pane, right-click the instance that you want to manage and select Data security protection.
    Note You can also go to the Data security protection tab by using the following methods:
    • On the Workbench tab, find the instance that you want to manage on the Instance List tab of the Resource List section. Move the pointer over More in the Actions column and select Data security protection.
    • In the top navigation bar, move the pointer over the All functions icon and choose System > Instance. On the Instance List tab, find the instance that you want to manage, move the pointer over More in the Actions column, and then select Data security protection.
  2. On the tab, click Authorize.
    Note To authorize a user, you must be a DMS administrator, a DBA, or the owner of data security protection for the instance.
  3. In the Data security protection - Authorize dialog box, select the user that you want to authorize.
  4. Click OK.
    The user is displayed in the list of authorized users. Then, the authorized user can access the instance by using its certification information.
    Note DMS administrators and DBAs can view all authorized users. Regular users can view only their own certification information.
Note You can also authorize users by approving the tickets that they submit to apply for data security protection. For more information about how to approve a ticket, see Approve tickets.

Related operations

After the authorization is complete, you can perform the following operations:
  • Enable access from the Internet. To allow on-premises programs or programs that do not reside in the same virtual private cloud (VPC) as the instance to access the instance, click Open to obtain the public proxy endpoints.
  • Change the owner of data security protection for the instance. The owner of data security protection for the instance can grant and revoke permissions on databases, edit the database account, enable or disable access from the Internet, and disable data security protection for the instance. You can click Edit to change the owner of data security protection for the instance.
  • Edit the database account that is used to log on to the instance. You can click Edit to edit the account.
  • View the AccessSecret that you are authorized to use to connect to the proxy endpoints that the data security protection feature generates for the instance. By default, the AccessSecret is masked. To view the plaintext AccessSecret, click View.
  • Update the AccessSecret that an authorized user uses to connect to the proxy endpoints that the data security protection feature generates for the instance. After you click Update, a new AccessSecret is generated. After the update, the programs of the authorized user cannot access the instance by using the previous AccessSecret.
  • Release your permissions. If you do not need to access the instance by using the proxy endpoints generated by the data security protection feature, click Release to release your permissions.
  • Revoke permissions from an authorized user. If an authorized user does not need to access the instance by using the proxy endpoints generated by the data security protection feature, click Recycling to revoke permissions from the user.
Note If you are a regular user that is specified as the owner of data security protection for the instance, you cannot update AccessSecrets for other authorized users, or revoke permissions from these users.