You can grant the permissions on Data Transmission Service (DTS) to a Resource Access Management (RAM) user, and then access DTS by using the RAM user. This allows you to distinguish between different permissions and improve account security.

Prerequisites

The RAM user is authorized to access cloud resources. For more information, see Authorize DTS to access Alibaba Cloud resources.

Precautions

  • If you need to synchronize data to MaxCompute, you cannot use a RAM user to configure the data synchronization task. You must use an Alibaba Cloud account to configure the task.
  • If you use a RAM user to configure DTS tasks and the database is connected over Database Gateway, you must grant the AliyunDGFullAccess permission to the RAM user. If you use a RAM user to configure DTS tasks and the database is connected over Cloud Enterprise Network (CEN), you must grant the AliyunCENFullAccess permission to the RAM user.

Permission policies

DTS supports read/write and read-only policies.
Note You cannot grant API-level permissions to RAM users.
  • Read/write policy: AliyunDTSFullAccess

    This policy grants the read and write permissions on DTS. If this policy is attached to a RAM user, the RAM user can purchase, configure, and manage DTS instances.

  • Read-only policy: AliyunDTSReadOnlyAccess
    This policy grants the read permission on DTS. If this policy is attached to a RAM user, the RAM user can view the details and configurations of all DTS tasks under the Alibaba Cloud account. However, the RAM user cannot perform change operations.
    Note Change operations include the purchase, configuration, and management of DTS instances.

Procedure

  1. Log on to the RAM console by using an Alibaba Cloud account.
  2. Create a RAM user.
  3. In the left-side navigation pane, click Users under Identities.
  4. In the User Logon Name/Display Name column, find the target RAM user.
  5. Click Add Permissions in the Actions column.Add Permissions
  6. In the Add Permissions dialog box, select the required permission policies.Select the required permission policies
    1. Select System Policy.
    2. Enter dts in the search box to query the system policies that are related to DTS.
    3. Click a policy name to add the policy to the Selected section.
      Note For more information about permission policies, see Permission policies.
  7. Click OK.
  8. Click Finished.

What to do next

Log on to the RAM console as a RAM user.