Data Management Service (DMS) provides the metadata access control feature. You can enable this feature to allow only users who have permissions on an instance or a database to view information about and access the instance or database. This topic describes how to enable metadata access control in DMS.
Prerequisites
Background information
As a centralized data management service, DMS provides different roles that are assigned
different permissions. This helps you manage data in your enterprise in a secure manner.
After you enable metadata access control for an instance or a database, only users
who have permissions on the instance or database can view information about and access
the instance or database. This way, users can view information about and access only
databases on which they have permissions. This further enhances data security.
Note In DMS, permissions on a database include the query, export, and change permissions.
If you have one of these permissions on a database, you can view the following information
about the database:
- Information about the database. The database name will be displayed in the left-side navigation pane of the DMS console. You can search for the database in the search box at the top of the left-side navigation pane. You can also apply for other permissions on the database. Whether you can query data in the database depends on whether you have the query permission on the database.
- Information about the instance to which the database belongs. Whether you can view information about another database in this instance depends on whether you have permissions on the database.
You can enable metadata control access for the following objects:
- A user: The user can view information about and access only databases on which the user has permissions.
- A database: Only users who have permissions on the database can view information about and access the database.
- An instance: Only users who have the access permission on the instance can view information about and access the instance. If a user has permissions on a database in this instance, the user can view information about and access the database.
Enable access control for a user
After you enable metadata access control for a user, the following limits apply to the user:
- The user can view and access only the databases on which the user has permissions. The user can go to the Accessible Assets tab in the lower part of the Home page to view the databases on which the user has permissions. For more information, see View owned permissions.
- The user cannot view the database instances and databases on which the user has no permissions. These database instances and databases are not displayed in the left-side navigation pane. The user cannot find these database instances and databases by using the search box in the top navigation bar or by searching for the database in the Select the databases, tables, or columns on which you want to apply for permissions field on the Permission Application Ticket page. In addition, the user cannot apply for permissions on these database instances or databases.