System roles - Data Management - Alibaba Cloud Documentation Center

Data Management (DMS) provides various system roles that are described in the following table.


Role	Description	Permission
Regular user	Regular users can perform operations on databases. For example, they can query and change data, or view and change schemas. Regular users can be the R&D staff, testers, product staff, operations staff, or data analysts of enterprises.	By default, a RAM user that is added to a DMS tenant assumes the regular user role. Regular users cannot use the Instances, Users, Task, Configuration, Notification, Database Grouping, or Intelligent Operation feature in the DMS console. To execute SQL statements in the SQLConsole or use the features of the Data Plans module, regular users must apply for the required permissions first.
Security administrator	Security administrators can perform operations such as determining the sensitivity levels of fields and auditing user operations. Security administrators can be the internal auditors or security administrators of enterprises.	In addition to all the features that are available for regular users, security administrators can also use the Operation Logs and Sensitive Data features.
Database administrator (DBA)	DBAs are responsible for database management, including managing database instances, database development standards and processes, and task execution. DBAs in DMS can be the DBAs or O&M staff of enterprises.	In addition to all the features that are available for regular users, DBAs can also use all the system management features except for the Users feature.
DMS administrator	The DMS administrator role is automatically assigned to the Alibaba Cloud account that is used to create a DMS tenant. The DMS administrator role of this account cannot be revoked. You can specify a RAM user or another Alibaba Cloud account that is added to the current DMS tenant as a DMS administrator. No limit is set on the number of DMS administrators within a DMS tenant. DMS administrators are approvers for the Admin approval step of an approval process.	DMS administrators can use all the features in DMS. Note Only DMS administrators can use the Users feature.
Schema read-only	The schema read-only role is applicable to the staff such as data analysts in enterprises. In DMS, a user who assumes the schema read-only role has permissions to query the metadata of instances, databases, and tables. For example, the user can view the details of a table or export an entire database.	Users who assume the schema read-only role can query the metadata of all instances, databases, and tables, without the need to have the query, change, or export permissions on these instances, databases, and tables.

Note For more information about how to assign system roles to DMS users, see Manage users.