Data Management (DMS) provides the metadata access control feature. You can enable this feature to allow users to view and access only the database instance or database on which they have permissions. This topic describes how to enable metadata access control in DMS.
Prerequisites
The database instance for which you want to enable metadata access control is managed in Security Collaboration mode. For more information, see Control modes.
Background information
As a centralized data management service, DMS provides different roles that are granted
different permissions. This helps you manage data in your enterprise in a secure manner.
After you enable metadata access control for a database instance or database, only
users who have permissions on the database instance or database can view and access
the database instance or database. This way, users can view and access only databases
on which they have permissions. This further enhances data security.
Note In DMS, permissions on a database include the query, export, and change permissions. If you have one of these permissions on a database, you can view the
following information about the database:
- Information about the database. You can search for the database in the search box in the upper part of the left-side navigation pane or in the top navigation bar of the DMS console. Alternatively, you can search for the database in the Select the databases, tables, or columns on which you want to apply for permissions field on the Ticket Application page. You can query the data in the database only when you have the query permissions on the database.
- Information about the database instance to which the database belongs. To view the information about other databases in this database instance, you must have permissions on the other databases.
You can enable metadata control access for the following objects:
- A user: The user can view and access only databases on which the user has permissions.
- A database: Only users who have permissions on the database can view and access the database.
- A database instance: Only users who have permissions on the database instance can view and access the database instance and the databases in this database instance.
Enable access control for a user
After you enable metadata access control for a user, the following limits apply to the user:
- The user can view information about and access only the databases on which the user has permissions. The user can go to the Accessible Assets tab to view the databases on which the user has permissions. For more information, see View owned permissions.
- The user cannot view the database instances and databases on which the user has no permissions. These database instances and databases are not displayed in the left-side navigation pane. The user cannot find these database instances and databases by using the search box in the top navigation bar or by searching for the database in the Select the databases, tables, or columns on which you want to apply for permissions field on the Permission Application Ticket page. In addition, the user cannot apply for permissions on these database instances or databases.