Data Transmission Service (DTS) allows you to use Resource Access Management (RAM) to manage permission policies. You can create and manage tasks as a RAM user. You can also track data changes in real time by using the AccessKey ID and AccessKey secret of the RAM user.
Prerequisites
A RAM user is authorized to access the cloud resources (such as RDS instances and ECS instances) of the current Alibaba Cloud account. When you configure a DTS task as the RAM user, DTS is allowed to call the relevant cloud resource information. For more information, see Authorize DTS to access Alibaba Cloud resources.
Permission policies
DTS supports read/write and read-only policies.
- Read/write policy: AliyunDTSFullAccess
This policy grants the read and write permissions on DTS. If this policy is attached to a RAM user, the RAM user can purchase, configure, and manage DTS instances.
- Read-only policy: AliyunDTSReadOnlyAccess This policy grants the read permissions on DTS. If this policy is attached to a RAM
user, the RAM user can view the details and configurations of all DTS tasks owned
by the Alibaba Cloud account. However, the RAM user cannot perform change operations.
Note Change operations include the purchase, configuration, and management of DTS instances.
Procedure
- Log on to the RAM console by using your Alibaba Cloud account
- Create a RAM user.
Note When you create a RAM user, you must specify Programmatic Access as the access mode and download and save the AccessKey pair.
- In the left-side navigation pane, choose .
- On the Users page, find the RAM user to which you want to grant permissions and click Add Permissions in the Actions column.
- In the Add Permissions panel, select the required permission policies.
- Select System Policy.
- Enter dts in the search box to query the system permission policies that are related to DTS.
- Click AliyunDTSFullAccess to add the policy to the Selected section.
- Click OK.
- Click Finished.