DTS supports Alibaba Cloud account and RAM users. You can not only use a RAM user to create and manage tasks but also subscribe to real-time data using the data subscription SDK with the AccessKey and AccessSecret of a RAM user.
This topic describes how to subscribe to data in real time using the Access Key/Access Secret of the RAM user.
DTS currently only supports two kinds of RAM users, namely accounts with read and write permission, and accounts with read-only permission. The read and write policy is AliyunDTSFullAccess, and the read-only policy is AliyunDTSReadOnlyAccess. To allow a RAM user to subscribe to real-time data using the SDK, you need to grant the RAM user the read and write policy, namely AliyunDTSFullAccess.
If the RAM user does not have any permission for the DTS, or only has read-only permission, then when you are using the AccessKey and AccessSecret and launch the SDK, the following error occurs.
As shown in the figure above, the get guid info failed error is reported. DTS assumes that the channel to be subscribed does not belong to the cloud account corresponding to the AccessKey and AccessSecret configured by the SDK.
This section describes how to create a RAM user in the RAM console that can subscribe to real-time incremental data using the data subscription SDK.
If you have not created a RAM user, create one. Make sure that you create an AccessKey and AccessSecret for the RAM user. For more information about how to create a RAM user, see RAM user.
After a RAM user is created, you need to authorize the policy. Grant the DTS system policy AliyunDTSFullAccess to the RAM user. Enter the RAM console, enter the user management page, and then click Authorize in the Actions column to start role policy authorization.
Search the DTS-relevant policies in the policy selection dialog box.
Select AliyunDTSFullAccess from the Available authorization policy names list, add it to the Selected authorization policy names list, and then click OK to complete the account authorization.
When the RAM user is created and the authorization is complete, you can subscribe to the data using the SDK provided by DTS. Note that you need to modify the user AccessKey and AccessSecret in the SDK demo to the AccessKey and AccessSecret of the RAM user.
Run the SDK demo. Check whether you can subscribe to data as expected using the AccessKey and AccessSecret of the RAM user.
You have created and authorized the RAM user for data subscription.