In Data Management (DMS), you can enforce row-level access control on a table to protect
the security of data rows in the table. You must be granted permissions on specific
rows before you can access the rows.
Prerequisites
A database named poc_prod
is created. For more information, see Design schemas.
Configure row-level access control
- Log on to the DMS console as a DMS administrator.
- In the top navigation bar, move the pointer over the More icon and choose .
- Click the Row Level Security tab.
- Click Add control group. In the dialog box that appears, set the parameters that are described in the following
table.

Parameter |
Description |
Control Group |
The name of the control group. |
Row Configuration |
The name of the field that is used to manage row permissions. Select the database,
table, and field in sequence. In this example, the sex field in the data_modify table of the poc_prod database is used.
Note You can click Add to add multiple fields.
|
- Click Add.
- Find the control group that you created and click Details in the Actions column.
- In the Control value details panel, click Add Row Value and add the value to be managed.
- In the Import Row Value dialog box, set the parameters that are described in the following table.

Parameter |
Description |
Append ? |
Valid values:
- Yes: New values are added to the existing values.
- No: Existing values are replaced with new values.
|
Row Value Content |
The values to be managed. In this example, enter male,female . This way, users must be granted permissions on the rows where the values of the
sex field are male and female before they can query the data of the rows. Developers can apply for permissions
on the rows as needed to query the data of the rows.
Note You can add multiple values at a time. Separate multiple values with commas (,).
|
- Click Import.
The sex
field values that are used to manage row permissions are added.
Apply for row permissions
All users, including DMS administrators and database administrators (DBAs), must apply
for permissions on specific rows before they can query the data of the rows. This
example demonstrates how to apply for row permissions as a regular user.
- Log on to the DMS console as a regular user.
- In the top navigation bar, move the pointer over the More icon and choose .
- On the Permission Application Ticket page, enter
poc_prod
as the database name, select Single as the granularity of the values based on which you want to apply for row permissions,
and then click Search. 
Note You can apply for permissions based on the following value granularities:
- ALL: You can apply for permissions on the rows where all values of the specified field
reside.
- Single: You can apply for permissions on the rows where the specified value of the specified
field resides.
- Select the rule where the value of the sex field is
male
and click Add. The rule appears in the Selected Databases/Tables/Columns section.
- In the Select Permission section, set the parameters that are described in the following table and click Submit.
Parameter |
Description |
Permission |
The type of permission for which you want to apply. Valid values: Query, Export, and Change.
Note You can select one or more permission types.
|
Duration |
The validity period of the selected permissions. |
Reason |
The description of the business background and the reason for this application. This
reduces unnecessary communication and facilitates the approval process.
|
Note After the ticket is submitted, wait for approval. You can view the status of the ticket
in the My Tickets section of the Workbench tab.
- After the ticket is approved, query the data of managed rows on the SQLConsole tab.
Only the rows where the value of the sex field is male are displayed.

You are not authorized to query the data of the rows where the value of the sex field
is female.
