Authorize users to access a database instance by using proxy endpoints - Data Management

You can access database instances in the Data Management (DMS) console. If you enable the secure access proxy feature for an instance, you can also use the proxy endpoints that are generated by the feature for the instance to access the instance. This topic describes how to authorize users to access a database instance by using proxy endpoints.

Prerequisites

The secure access proxy feature is enabled for the database instance. For more information about how to enable the feature, see Enable the secure access proxy feature.
You are a DMS administrator, a database administrator (DBA), or the owner of the database instance. For more information about how to view user roles, see View system roles and View resource roles.

Procedure

Log on to the DMS console V5.0.
In the top navigation bar, choose Security and Specifications > Secure Access Proxy > Proxy List.
Note
If you use the DMS console in simple mode, move the pointer over the icon in the upper-left corner and choose All functions > Security and Specifications > Secure Access Proxy > Proxy List.
On the Created tab, find the database instance that you want to manage and click Details in the Operation column. The Secure Access Proxy/Details page appears.
Click Authorize.

In the Secure Access Proxy - Authorize dialog box, configure the parameters that are described in the following table and click OK.

Parameter	Description
Authorize User	The user to be authorized. You can select only one user.
Use Custom Database Account	Specifies whether to use a custom database account to access the database instance. By default, the database account that is used to enable the secure proxy feature is used to access the database instance. If the user to be authorized specifies a custom database account, this account is used to access the database instance. If you select No, the database account that is used to enable the secure access proxy feature is used to access the database instance. If you select Yes, you must enter the custom database account and password that are used to access the database instance.
Security Policy	System Security Policy: If you select this option, DMS does not automatically update the AccessKey pair for the user to be authorized. Regularly Update AccessKey Pair: If you select this option and specify the Update Interval parameter, DMS automatically updates the AccessKey pair for the user to be authorized at the specified interval. After the AccessKey pair is updated, the applications of the user cannot access the database instance by using the previous AccessKey pair. Authentication Expires at Specific Time: If you select this option and specify the Expire At parameter, the AccessKey pair that is generated by the secure access proxy feature expires at the specified time.

After the authorization is successful, the authorized user obtains an AccessKey pair that consists of an AccessKey ID and an AccessKey secret.

AccessID: the AccessKey ID that is used to identify the user.
AccessSecret: the AccessKey secret that is used to verify the identity of the user. The AccessKey secret must be kept confidential.

Note

When the user accesses the database instance, the user must use the AccessKey pair to complete identity authentication.
You can also approve a ticket submitted by a user who applies for permissions to access a database instance by using proxy endpoints. For more information about how to approve a ticket, see Approve tickets.

Supported operations

On the Secure Access Proxy/Details page, you can perform the following operations:

View the AccessKey pair of an authorized user: Click View.
Update the AccessKey pair of an authorized user: Click Update to generate a new AccessKey pair. After the AccessKey pair is updated, the applications of the user cannot access the database instance by using the previous AccessKey pair.
Revoke permissions from an authorized user: If an authorized user no longer needs to access a database instance, click Recycling or Release. Then, the user can no longer connect to the proxy endpoints of the database instance.

Note If you are a regular user who is specified as the owner of secure access proxy for the database instance, you cannot update the AccessKey secrets of other authorized users or revoke permissions from these users.