When you configure a data synchronization task, you must specify the accounts of the source and destination databases. The database accounts are used for data synchronization. Different databases and synchronization types require different permissions. You must create and authorize database accounts before you configure a data synchronization task.

Permissions required for the source database account

Database Required permissions Topics about how to create and authorize a database account
ApsaraDB RDS for MySQL The read permissions on the objects to be synchronized
Note If the database engine of the source RDS instance is MySQL 5.5 or MySQL 5.6, you do not need to specify the database account or database password.
Create accounts and databases for an ApsaraDB RDS for MySQL instance and Modify the permissions of a standard account on an ApsaraDB RDS for MySQL instance
Self-managed MySQL database The SELECT permission on the objects to be synchronized, the REPLICATION CLIENT permission, the REPLICATION SLAVE permission, and the SHOW VIEW permission Create an account for a user-created MySQL database and configure binary logging
PolarDB for MySQL The read permissions on the objects to be synchronized Create a database account
PolarDB O Edition A privileged account Create database accounts
DRDS The SELECT permission on the objects to be synchronized, the REPLICATION CLIENT permission, and the REPLICATION SLAVE permission DTS automatically authorizes the database account.
ApsaraDB RDS for SQL Server The permissions of the database owner
Note A privileged account has the required permissions.
Modify the permissions of a standard account on an ApsaraDB RDS for SQL Server instance
Self-managed SQL Server database The permissions of the sysadmin role CREATE USER and GRANT (Transact-SQL)
ApsaraDB RDS for PostgreSQL A privileged account
Note If the source database runs on an ApsaraDB RDS for PostgreSQL instance V9.4 and you synchronize only DML operations, the database account must have the REPLICATION permission.
Create an account on an ApsaraDB RDS for PostgreSQL instance
Self-managed PostgreSQL database The permissions of the superuser role CREATE USER and GRANT
ApsaraDB for Redis instance The read permissions on the objects to be synchronized
Note If you synchronize data between ApsaraDB for Redis instances of different Alibaba Cloud accounts, the database accounts must have the replicate permission. In this case, the ApsaraDB for Redis instances must be deployed in the standard or cluster architecture. The ApsaraDB for Redis instances cannot be deployed in the read/write splitting architecture.
Create and manage database accounts
Note By default, you are not allowed to create a database account that is authorized to replicate the data of an ApsaraDB for Redis cluster instance. To do this, submit a ticket. Then, you can create a database account that has the replicate permission. For more information, see Create and manage database accounts.
Self-managed Redis database The PSYNC or SYNC command can be executed on the source Redis database. None
ApsaraDB for MongoDB
  • Full data migration: the read permissions on the source database
  • Incremental data migration: the read permissions on the source database, the admin database, and the local database
For more information, see Manage user permissions on MongoDB databases.
Self-managed MongoDB database
  • Full data migration: the read permissions on the source database
  • Incremental data migration: the read permissions on the source database, the admin database, and the local database
For more information, see db.createUser().
Self-managed TiDB database The SELECT permission on the objects to be migrated and the SHOW VIEW permission Privilege Management

Permissions required for the destination database account

Database Required permissions Topics about how to create and authorize a database account
ApsaraDB RDS for MySQL The read and write permissions on the destination database Create accounts and databases for an ApsaraDB RDS for MySQL instance and Modify the permissions of a standard account on an ApsaraDB RDS for MySQL instance
Self-managed MySQL database The ALL permission on the destination database Create an account for a user-created MySQL database and configure binary logging
PolarDB for MySQL The ALL permission on the destination database Create a database account
PolarDB O Edition The permissions of the database owner You can specify the database owner when you create a database.
DRDS You do not need to specify the database account when you configure the task. None
ApsaraDB for Redis If you use the instance password, no authorization is required. None
If you use a custom account, the read and write permissions are required. Create and manage database accounts
Self-managed Redis database The database password must be valid. None
ApsaraDB for MongoDB The dbAdminAnyDatabase permission, the read and write permissions on the destination database, and the read permissions on the local database For more information, see Manage user permissions on MongoDB databases.
Self-managed MongoDB database The dbAdminAnyDatabase permission, the read and write permissions on the destination database, and the read permissions on the local database For more information, see db.createUser().

AnalyticDB for MySQL

  • Version 2.0: DTS automatically creates a database account and grants permissions to the account. You do not need to specify the database account.
  • Version 3.0: The read and write permissions are required.
Version 3.0: Create a database account

AnalyticDB for PostgreSQL

The initial account or an account that has the RDS_SUPERUSER permission is required.
Message Queue for Apache Kafka None
Note If the instance type of the Message Queue for Apache Kafka instance is VPC Instance, you do not need to specify the database account or database password.
None
Self-managed Kafka cluster None
Note If no authentication is enabled for the Kafka cluster, you do not need to enter the username or password.
None
DataHub You do not need to specify the database account when you configure the task. None
Elasticsearch The logon name and logon password that are specified when you create the Elasticsearch cluster. The default logon name is elastic. Create an Elasticsearch cluster
MaxCompute The CREATE TABLE, CREATE INSTANCE, CREATE RESOURCE, CREATE JOB, and List permissions on the project to be synchronized When you configure the data synchronization task, DTS automatically authorizes the database account.
Tablestore You do not need to specify the database account when you configure the task. None
ApsaraDB for ClickHouse cluster The read and write permissions on the objects to be synchronized Create an account