
Data subscription SDK supports RAM accounts

Last Updated: Sep 11, 2019

DTS supports both Alibaba Cloud accounts and RAM users. A RAM user can create and manage tasks, and can also subscribe to real-time data through the data subscription SDK by using the RAM user's AccessKey and AccessSecret.
This topic describes how to subscribe to data in real time using the AccessKey and AccessSecret of a RAM user.

The RAM user must be granted the read and write policy for DTS.

DTS currently supports only two kinds of RAM users: those with read and write permission and those with read-only permission. The read and write policy is AliyunDTSFullAccess, and the read-only policy is AliyunDTSReadOnlyAccess. To allow a RAM user to subscribe to real-time data using the SDK, you need to grant the RAM user the read and write policy, namely AliyunDTSFullAccess.

If the RAM user has no DTS permission, or has only read-only permission, the following error occurs when you launch the SDK with that user's AccessKey and AccessSecret.

Insufficient permission to access SDK

As shown in the figure above, the "get guid info failed" error is reported. DTS assumes that the channel to be subscribed does not belong to the cloud account corresponding to the AccessKey and AccessSecret configured in the SDK.

Create and authorize a RAM user

This section describes how to create a RAM user in the RAM console that can subscribe to real-time incremental data using the data subscription SDK.

(1) Create a RAM user

If you have not created a RAM user, create one. Make sure that you create an AccessKey and AccessSecret for the RAM user. For more information about how to create a RAM user, see RAM user.

(2) Authorize the RAM user

After the RAM user is created, you need to grant it a policy: the DTS system policy AliyunDTSFullAccess. Log on to the RAM console, go to the user management page, and then click Authorize in the Actions column to start authorizing the policy.

Authorization step 1

Search for the DTS-related policies in the policy selection dialog box.

Grant read and write permissions to the SDK.

Select AliyunDTSFullAccess from the Available authorization policy names list, add it to the Selected authorization policy names list, and then click OK to complete the account authorization.
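
The same two steps can be scripted and checked from a terminal. The following is an added example, not part of the original documentation: it uses the aliyun CLI's RAM actions CreateUser, ListPoliciesForUser, AttachPolicyToUser and CreateAccessKey, and the user name dts-subscriber and the output file name are placeholders chosen here.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console steps above.
# Assumes the aliyun CLI is configured with an identity allowed to manage RAM.
RAM_USER="${RAM_USER:-dts-subscriber}"    # placeholder user name
DTS_RW_POLICY="AliyunDTSFullAccess"       # required by the subscription SDK
DTS_RO_POLICY="AliyunDTSReadOnlyAccess"   # not sufficient for the SDK

# Print "full", "readonly" or "none" for the DTS system policy attached
# directly to user $1 (policies inherited from groups are not listed here).
dts_access_level() {
    policies=$(aliyun ram ListPoliciesForUser --UserName "$1") || return 2
    if printf '%s' "$policies" | grep -q "\"PolicyName\": *\"$DTS_RW_POLICY\""; then
        echo full
    elif printf '%s' "$policies" | grep -q "\"PolicyName\": *\"$DTS_RO_POLICY\""; then
        echo readonly   # SDK start-up fails with "get guid info failed"
    else
        echo none       # same failure as read-only
    fi
}

# Step (2): attach AliyunDTSFullAccess unless it is already attached.
grant_dts_full_access() {
    level=$(dts_access_level "$1") || return 2
    [ "$level" = full ] && return 0
    aliyun ram AttachPolicyToUser --PolicyType System \
        --PolicyName "$DTS_RW_POLICY" --UserName "$1" >/dev/null
}

# Steps (1) and (2) end to end. The key pair is created last, so no
# credential exists for a user whose authorization failed.
provision() {
    aliyun ram CreateUser --UserName "$RAM_USER" >/dev/null || return 1
    grant_dts_full_access "$RAM_USER" || return 1
    # The response holds the AccessKey pair: write it to an owner-only
    # file instead of the terminal, then move it into a secret store.
    ( umask 077
      aliyun ram CreateAccessKey --UserName "$RAM_USER" \
          > "$RAM_USER.accesskey.json" )
}

# Run only when asked to: sh this_script.sh provision
if [ "${1:-}" = "provision" ]; then
    provision
fi
```

Running dts_access_level against an existing RAM user before launching the SDK tells you whether the "get guid info failed" error is a permission problem.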

Subscribe to data using the AccessKey and AccessSecret of the RAM user

When the RAM user is created and the authorization is complete, you can subscribe to the data using the SDK provided by DTS. Note that you need to replace the AccessKey and AccessSecret in the SDK demo with the AccessKey and AccessSecret of the RAM user.

SDK with RAM user AccessKey and AccessSecret

Run the SDK demo. Check whether you can subscribe to data as expected using the AccessKey and AccessSecret of the RAM user.

Subscribe to data using the AccessKey and AccessSecret of the RAM user

You have created and authorized the RAM user for data subscription.