Data Management Service (DMS) provides the metadata access control feature. You can enable this feature to allow only users who have permissions on an instance or a database to view information about and access the instance or database. This topic describes how to enable metadata access control in DMS.
Prerequisites
Background information
As a centralized data management service, DMS provides different roles that are assigned
different permissions. This helps you manage data in your enterprise in a secure manner.
After you enable metadata access control for an instance or a database, only users
who have permissions on the instance or database can view information about and access
the instance or database. This way, users can view information about and access only
databases on which they have permissions. This further enhances data security.
Note In DMS, permissions on a database include the query, export, and change permissions.
If you have one of these permissions on a database, you can view the following information
about the database:
- Information about the database. The database name will be displayed in the left-side navigation pane of the DMS console. You can search for the database in the search box at the top of the left-side navigation pane. You can also apply for other permissions on the database. Whether you can query data in the database depends on whether you have the query permission on the database.
- Information about the instance to which the database belongs. Whether you can view information about another database in this instance depends on whether you have permissions on the database.
You can enable metadata control access for the following objects:
- A user: The user can view information about and access only databases on which the user has permissions.
- A database: Only users who have permissions on the database can view information about and access the database.
- An instance: Only users who have the access permission on the instance can view information about and access the instance. If a user has permissions on a database in this instance, the user can view information about and access the database.
Enable access control for a user
After you enable metadata access control for a user, the following limits apply to the user:
- The user can view and access only the databases on which the user has permissions. The user can go to the Accessible Assets tab in the lower part of the Home page to view the databases on which the user has permissions. For more information, see View owned permissions.
- The user cannot view the database instances and databases on which the user has no permissions. These database instances and databases are not displayed in the left-side navigation pane. The user cannot find these database instances and databases by using the search box in the top navigation bar or by searching for the database in the Select the databases, tables, or columns on which you want to apply for permissions field on the Permission Application Ticket page. In addition, the user cannot apply for permissions on these database instances or databases.
- Log on to the DMS console V5.0. Note To switch to the previous version of the DMS console, click the
icon in the lower-right corner of the page. For more information, see Switch to the previous version of the DMS console.
- Find the user for whom you want to enable access control, move the pointer over More in the Actions column, and then select Access control.
Note To enable access control for multiple users at a time, select the users and click Access control in the upper part of the tab. - In the User access control dialog box, turn on Metadata access control and click OK.
Enable metadata access control for a database
- Log on to the DMS console V5.0. Note To switch to the previous version of the DMS console, click the icon in the lower-right corner of the page. For more information, see Switch to the previous version of the DMS console.
- On the Database List tab, find the target database, move the pointer over More in the column, and then select Access control.
Note You can enable metadata access control for multiple databases at a time. Select the databases and click Access control at the top of this tab. - In the Metadata access control dialog box, turn on Metadata access control and click OK.
Enable metadata access control for an instance
- Log on to the DMS console V5.0. Note To switch to the previous version of the DMS console, click the icon in the lower-right corner of the page. For more information, see Switch to the previous version of the DMS console.
- On the Instance List tab of the Instance page, find the target instance, move the pointer over More in the column, and then select Access control.
Note You can enable metadata access control for multiple instances at a time. Select the instances and click Access control at the top of this tab. - In the Metadata access control dialog box, turn on Metadata access control and click OK.