Data Management (DMS) provides the metadata access control feature. You can enable this feature to allow users to view and access only the database instance or database on which they have permissions. This topic describes how to enable metadata access control in DMS.

Prerequisites

The database instance for which you want to enable metadata access control is managed in Security Collaboration mode. For more information, see Control modes.

Background information

As a centralized data management service, DMS provides different roles that are granted different permissions. This helps you manage data in your enterprise in a secure manner. After you enable metadata access control for a database instance or database, only users who have permissions on that database instance or database can view and access it. Users therefore see only the databases on which they have permissions, which further enhances data security.
Note: In DMS, permissions on a database include the query, export, and change permissions. If you have one of these permissions on a database, you can view the following information about the database:
  • Information about the database. You can search for the database in the search box in the upper part of the left-side navigation pane or in the top navigation bar of the DMS console. Alternatively, you can search for the database in the Select the databases, tables, or columns on which you want to apply for permissions field on the Ticket Application page. You can query the data in the database only when you have the query permission on the database.
  • Information about the database instance to which the database belongs. To view the information about other databases in this database instance, you must have permissions on the other databases.
You can enable metadata access control for the following objects:
  • A user: The user can view and access only databases on which the user has permissions.
  • A database: Only users who have permissions on the database can view and access the database.
  • A database instance: Only users who have permissions on the database instance can view and access the database instance and the databases in this database instance.
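
The visibility rule described above can be modelled as a small audit check that lists which users still see databases they hold no permission on. This is an added example, not DMS code or a DMS API. The inventory, user names and function names are constructed, and it assumes that an object with no control enabled is visible to all users and that instance-level control applies to every database in the instance (instance-level permissions are not modelled).

```python
# Added model of the visibility rule; not DMS code or a DMS API.
DB_PERMISSIONS = {"query", "export", "change"}  # permission types named on the page

# Constructed sample inventory (hypothetical names).
DB_INSTANCE = {"orders": "inst-a", "hr": "inst-a", "logs": "inst-b"}
GRANTS = [("alice", "orders", "query"), ("bob", "hr", "export")]
USERS = ["alice", "bob", "carol"]


def has_permission(user, db, grants):
    """True if the user holds any of query/export/change on the database."""
    return any(u == user and d == db and p in DB_PERMISSIONS for u, d, p in grants)


def restricted(user, db, ctl_users, ctl_dbs, ctl_instances):
    """True if control is enabled on the user, the database or its instance."""
    return user in ctl_users or db in ctl_dbs or DB_INSTANCE[db] in ctl_instances


def visible_databases(user, grants, ctl_users=(), ctl_dbs=(), ctl_instances=()):
    """Databases the user can see: permitted ones, plus any not under control.

    Assumption: with no control enabled, a database is visible to everyone.
    """
    return sorted(
        db for db in DB_INSTANCE
        if has_permission(user, db, grants)
        or not restricted(user, db, ctl_users, ctl_dbs, ctl_instances)
    )


def can_query(user, db, grants):
    """Viewing needs any permission; querying data needs the query permission."""
    return (user, db, "query") in grants


def exposure_gaps(grants, ctl_users=(), ctl_dbs=(), ctl_instances=()):
    """(user, db) pairs where metadata is visible without any permission."""
    return [
        (user, db)
        for user in USERS
        for db in visible_databases(user, grants, ctl_users, ctl_dbs, ctl_instances)
        if not has_permission(user, db, grants)
    ]
```

An empty result from `exposure_gaps` means every visible database is backed by a permission; any remaining pair points at a user, database or instance on which control is not yet enabled.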

Enable access control for a user

After you enable metadata access control for a user, the following limits apply to the user:
  • The user can view information about and access only the databases on which the user has permissions. The user can go to the Accessible Assets tab to view the databases on which the user has permissions. For more information, see View owned permissions.
  • The user cannot view the database instances and databases on which the user has no permissions. These database instances and databases are not displayed in the left-side navigation pane. The user cannot find these database instances and databases by using the search box in the top navigation bar or by searching for the database in the Select the databases, tables, or columns on which you want to apply for permissions field on the Permission Application Ticket page. In addition, the user cannot apply for permissions on these database instances or databases.

  1. Log on to the DMS console V5.0.
  2. In the top navigation bar, click O&M. In the left-side navigation pane, click User.
    Note: If you are using the previous version of the DMS console, move the pointer over the More icon in the top navigation bar and choose System > User.
  3. Find the user to whom you want to grant permissions and choose More > Access control in the Actions column.
    Note: To enable access control for multiple users at a time, select the users and click Access control in the upper part of the page.
  4. In the User access control dialog box, turn on Metadata access control and click OK.

Enable metadata access control for a database

  1. Log on to the DMS console V5.0.
  2. In the top navigation bar, click Data Assets. In the left-side navigation pane, click Instances.
  3. On the Instances page, click the Database List tab.
  4. On the Database List tab, find the database for which you want to enable metadata access control, move the pointer over More in the Actions column, and then select Access control.
    Note: To enable metadata access control for multiple databases at a time, select the databases, move the pointer over Batch operation in the upper part of the tab, and then select Access control.
  5. In the Metadata access control dialog box, turn on Metadata access control and click OK.

Enable metadata access control for a database instance

  1. Log on to the DMS console V5.0.
  2. In the top navigation bar, click Data Assets. In the left-side navigation pane, click Instances.
  3. On the Instances page, click the Instance List tab.
  4. On the Instance List tab, find the database instance for which you want to enable metadata access control, move the pointer over More in the Actions column, and then select Access control.
    Note: You can enable metadata access control only for instances that are managed in Security Collaboration mode. You can also enable metadata access control for multiple instances at a time.
  5. In the Metadata access control dialog box, turn on Metadata access control and click OK.