ApsaraDB for OceanBase: Add a tenant allowlist group

Last Updated: Jan 10, 2024

This topic describes how to add a tenant allowlist group. IP addresses added to an allowlist of a tenant have access to the tenant.

Background information

  • ApsaraDB for OceanBase allows you to add allowlist groups for a tenant. A tenant can be accessed only from IP addresses that have been added to an allowlist.

  • A tenant automatically inherits the allowlist groups of the cluster instance to which it belongs. A tenant allowlist group with the "Inherited from Instance" label cannot be edited or deleted, and it is always consistent with the cluster instance allowlists.

  • You can add a maximum of 10 allowlist groups. The names of allowlist groups must be unique. An allowlist group cannot be empty. Each allowlist group supports a maximum of 40 allowlists.

Procedure

  1. Log on to the ApsaraDB for OceanBase console.

  2. In the left-side navigation pane, click Instances.

  3. In the instance list, click the name of the target cluster instance to go to the Cluster Instance Workspace page.

  4. In the left-side navigation pane, click Tenant Management. In the tenant list, click the target tenant to go to the Tenant Workspace page.

  5. In the left-side navigation pane, click Security Settings.

  6. In the Allowlist tab of the Security Settings page, click Add Allowlist Group.

    Note

    • An allowlist applies to access from both classic networks and Virtual Private Cloud instances (VPCs). It works in a universal network isolation mode.

    • An allowlist group with the "Inherited from Instance" label is inherited from a cluster instance and is always consistent with the cluster instance allowlists.

  7. Specify Group Name and IP Address.

    Parameter: Group Name

    Description: The allowlist name must be 2 to 32 characters in length, start with a lowercase letter, end with a lowercase letter or digit, and contain only lowercase letters, digits, and underscores (_).

    Parameter: IP Address

    Description:

    • You can enter an IP address, for example, 192.168.0.1, or an IP address range, for example, 192.168.0.0/24.

    • Separate multiple IP addresses with commas (,), for example, 192.168.0.1,192.168.0.0/24.

    • 127.0.0.1 indicates that no access is allowed from any IP address.

    • 0.0.0.0 indicates that access from all IP addresses is allowed.

    • Changes to the allowlist of the cluster instance take effect on all tenants.

    • Each allowlist group supports a maximum of 40 allowlists.

  8. Click OK to complete the allowlist settings.

  9. After an allowlist is created, click the Edit icon next to the allowlist group to add or remove IP addresses. Click the Delete icon to delete the allowlist group.

    Note

    An allowlist group with the "Inherited from Instance" label cannot be edited or deleted,
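
The input rules from step 7 and the limits from Background information can be checked before a group is submitted in the console. The following is an added example, not code from the product or its documentation; check_group, existing_names and the WIDE_PREFIX review threshold are assumptions, as is restricting entries to IPv4 and treating 40 as a per-group entry count.

```python
import ipaddress
import re

# Step 7 name rule: 2-32 chars, starts with a lowercase letter, ends with a
# lowercase letter or digit, only lowercase letters, digits and underscores.
GROUP_NAME_RE = re.compile(r"[a-z][a-z0-9_]{0,30}[a-z0-9]")
MAX_GROUPS = 10    # allowlist groups you can add
MAX_ENTRIES = 40   # entries per allowlist group
WIDE_PREFIX = 16   # assumed review threshold, not a product limit


def check_group(name, ip_field, existing_names=()):
    """Return (errors, warnings) for one proposed tenant allowlist group."""
    errors, warnings = [], []
    if not GROUP_NAME_RE.fullmatch(name):
        errors.append(f"invalid group name: {name!r}")
    if name in existing_names:
        errors.append(f"group name already in use: {name!r}")
    if len(existing_names) >= MAX_GROUPS:
        errors.append(f"limit of {MAX_GROUPS} allowlist groups reached")

    entries = [e.strip() for e in ip_field.split(",") if e.strip()]
    if not entries:
        errors.append("an allowlist group cannot be empty")
    if len(entries) > MAX_ENTRIES:
        errors.append(f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}")

    for entry in entries:
        try:
            # IPv4 only, as in the page's examples (assumption).
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            errors.append(f"not an IP address or CIDR range: {entry!r}")
            continue
        if entry == "0.0.0.0" or net.prefixlen == 0:
            warnings.append(f"{entry} allows access from all IP addresses")
        elif entry == "127.0.0.1":
            warnings.append("127.0.0.1 blocks access from every IP address")
        elif net.prefixlen < WIDE_PREFIX:
            warnings.append(f"{entry} covers {net.num_addresses} addresses")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample input.
    print(check_group("app_servers", "192.168.0.1,192.168.0.0/24"))
    print(check_group("Ops", "0.0.0.0,10.0.0.0/8", existing_names=("default",)))
```

Errors are inputs the documented rules reject; warnings are entries that are valid but change exposure, such as 0.0.0.0 or a very wide range, and should be reviewed before you click OK.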