This topic describes the accounts that you can use to log on to Data Management (DMS) and shows you how to manage the configurations of RAM users.

You can log on to DMS by using one of the following methods:

  • Log on to DMS by using an Alibaba Cloud account or as a RAM user.
    • If you log on to DMS by using an Alibaba Cloud account, you can manage the configurations of RAM users on the Configuration Management page in the DMS console. For more information, see Manage the configurations of RAM users.
    • If a RAM user is removed, the RAM user is still available in DMS. However, you cannot use the RAM user to log on to Alibaba Cloud or the DMS console.
      Note Before you remove or disable a user in DMS, check whether the user assumes a role such as a data owner, a database administrator (DBA), or an approver on an approval node. If the user assumes a role, assign its role to another user. For more information, see Remove a user.
  • Use single sign-on (SSO) to log on to DMS. You can implement user-based SSO or role-based SSO to log on to the Alibaba Cloud Management Console from the identity provider (IdP) of your enterprise. For more information, see Use SSO to log on to DMS.

Manage the configurations of RAM users

To manage the configurations of RAM users, you must be a DMS administrator or a DBA.

  1. Go to the DMS console V5.0.
  2. In the top navigation bar, click O&M. In the left-side navigation pane, click Configuration.
    Note If you are using the previous version of the DMS console, move the pointer over the More icon in the top navigation bar and choose System > Configuration.
  3. Manage the configurations of RAM users.
    • Whether to enable RAM permission verification:
      • By default, this feature is enabled.
        • A RAM user to which the AdministratorAccess policy is attached is initialized as a DMS administrator.
        • If a RAM user is a regular user in DMS and the ReadOnlyAccess policy is attached to the RAM user for accessing RDS and MongoDB databases in the Resource Access Management (RAM) console, the RAM user can perform the following operations in DMS:
          • Query a database instance that is managed in Security Collaboration mode.
            Note No permission record is provided.
          • Log on to a database instance that is managed in Flexible Management or Stable Change mode.
            Note The permission record shows that the user has the RAM permissions on a specific service such as an RDS database and is automatically granted the permissions to log on to a database instance in DMS for 180 days.
      • If you disable this feature, no role or permission is initialized for a RAM user in DMS.
    • Allow sub-accounts to automatically join the tenant:
      • By default, this feature is enabled. After you create a RAM user for your Alibaba Cloud account, the RAM user is automatically added to the DMS tenant to which the Alibaba Cloud account belongs when you log on to the DMS console.
      • If you disable this feature, you must manually add the RAM user that you create for you Alibaba Cloud account to the DMS tenant to which the Alibaba Cloud account belongs. For more information, see Add a user.