All Products
Search

This Product

    ApsaraDB for OceanBase:Service account authorization

    Document Center

    ApsaraDB for OceanBase:Service account authorization

    Last Updated:Jan 10, 2024

    This topic describes how to grant permissions to a service account for the O&M of a cluster instance.

    Background information

    If you need the assistance of Alibaba Cloud technical support engineers, you can use the service account authorization feature to grant permissions such as the configuration, query, and data permissions to Alibaba Cloud technical support engineers. The engineers will operate on your cluster within the allowed time range and authorization scope while providing technical support.

    Prerequisites

    You can grant permissions to a service account when the cluster is in the Running state.

    Note

    Standard Edition (Key-Value) cluster instances do not support service account authorization.

    Procedure

    1. In the left-side navigation pane, click Instances and select the target cluster instance to go to the Cluster Instance Workspace page.

    2. In the left-side navigation pane, click Security Settings.

    3. On the Service account authorization tab, grant permissions and set the expiration time of the permissions.

      1. Turn on the switch for a permission in the Privilege Authorization column. In the dialog box that appears, set the expiration time. At present, you can grant the query, data, and configuration permissions. You can grant one or more permissions based on the actual business needs.

        Note

        If you grant multiple permissions, their expiration time is the same. The expiration time that is set when you grant a permission for the first time applies to all granted permissions.

        Permission

        Description

        Query permission

        Allows Alibaba Cloud technical support engineers to query the indexes and views in your database.

        Data permission

        Allows Alibaba Cloud technical support engineers to execute data query statements such as SELECT under all tenants in the cluster.

        Configuration permission

        Allows Alibaba Cloud technical support engineers to view and modify the configurations of the cluster and tenants.

      2. Click the Edit icon in the upper-right corner to set the expiration time of all granted permissions.1

    4. You can also turn off the switch for a permission in the Privilege Authorization column to revoke the permission.