When you configure a data migration task, you must specify the accounts of the source and destination databases. The database accounts are used for data migration. Different databases and migration types require different permissions. You must create and authorize database accounts before you configure a data migration task.

Permissions required for the source database account

Database Required permission References
ApsaraDB RDS for MySQL instance Read permissions on the objects to migrate Create databases and accounts for an ApsaraDB RDS for MySQL instance and Modify the permissions of a standard account on an ApsaraDB RDS for MySQL instance
Self-managed MySQL database
  • Schema migration: the SELECT permission on the objects to migrate
  • Full data migration: the SELECT permission on the objects to migrate
  • Incremental data migration: the SELECT permission on the objects to migrate,

    the REPLICATION CLIENT, REPLICATION SLAVE, and SHOW VIEW permissions, and

    the permissions to create databases and tables. The permissions allow DTS to create a database named dts to record heartbeat data during migration.

Create an account for a user-created MySQL database and configure binary logging
PolarDB for MySQL cluster Read permissions on the objects to migrate Create a database account
PolarDB for Oracle cluster Permissions of a privileged account Create database accounts
ApsaraDB RDS for MariaDB TX instance Read permissions on the objects to migrate For more information, see Create a database and account on an ApsaraDB RDS for MariaDB TX instance.
ApsaraDB RDS for SQL Server instance
  • Schema migration: the SELECT permission on the objects to migrate
  • Full data migration: the SELECT permission on the objects to migrate
  • Incremental data migration: the owner permission on the object to migrate
    Note A privileged account has the required permissions.
For more information, see Create an account for an ApsaraDB RDS for SQL Server instance.
Self-managed SQL Server database
  • Schema migration: the SELECT permission on the objects to migrate
  • Full data migration: the SELECT permission on the objects to migrate
  • Incremental data migration: the permissions of the sysadmin role
For more information, see CREATE USER.
ApsaraDB RDS for PostgreSQL instance
  • Schema migration: the USAGE permission on pg_catalog
  • Full data migration: the SELECT permission on the objects to migrate
  • Incremental data migration: the permissions of a privileged account. The account must be the owner of the database.
    Note If the source database runs on an ApsaraDB RDS for PostgreSQL 9.4 instance and you migrate only DML operations, the database account must have the REPLICATION permission.
Create an account on an ApsaraDB RDS for PostgreSQL instance and Create a database on an ApsaraDB RDS for PostgreSQL instance
Self-managed PostgreSQL database
  • Schema migration: the USAGE permission on pg_catalog
  • Full data migration: the SELECT permission on the objects to migrate
  • Incremental data migration: permissions of the superuser role
For more information, see CREATE USER and GRANT.
Self-managed Oracle database
  • Schema migration: permissions of the schema owner
  • Full data migration: permissions of the schema owner
  • Incremental data migration: permissions of the database administrator (DBA)
For more information, see CREATE USER and GRANT.
Notice If you want to migrate incremental data from an Oracle database but permissions of the DBA cannot be granted to the database account, you can grant fine-grained permissions to the account. For more information, see Migrate data from a self-managed Oracle database to an AnalyticDB for PostgreSQL instance.
ApsaraDB for MongoDB instance
  • Full data migration: read permissions on the source database
  • Incremental data migration: read permissions on the source, admin, and local databases
For more information, see Manage user permissions on MongoDB databases.
Self-managed MongoDB database
  • Full data migration: read permissions on the source database
  • Incremental data migration: read permissions on the source, admin, and local databases
For more information, see db.createUser().
ApsaraDB for Redis instance Read permissions on the objects to migrate Create and manage database accounts
Self-managed Redis database The PSYNC or SYNC statement can be executed on the source Redis database. None
Self-managed TiDB database The SELECT permission on the objects to migrate and the SHOW VIEW permission For more information, see Privilege Management
Self-managed Db2 database
  • Schema migration: the SELECT permission on the objects to migrate and the CONNECT permission
  • Full data migration: the SELECT permission on the objects to migrate and the CONNECT permission
  • Incremental data migration: the DBADM authority
For more information, see Creating group and user IDs for a Db2 database installation and Authorities overview.

Permissions required for the destination database account

Database Required permission Authorization method
ApsaraDB RDS for MySQL instance Read and write permissions on the destination database For more information, see Create an account on an ApsaraDB RDS for MySQL instance and Modify the permissions of a standard account for an ApsaraDB RDS for MySQL instance.
PolarDB for MySQL cluster Read and write permissions on the destination database For more information, see Create database accounts.
Self-managed MySQL database The ALL permission on the destination database For more information, see Create an account for a user-created MySQL database and configure binary logging.

AnalyticDB for MySQL cluster

  • Version 2.0: DTS automatically creates a database account and grants permissions to the account. You do not need to specify the database account.
  • Version 3.0: The read and write permissions are required.
Version 3.0: Create a database account.
PolarDB-X 1.0 instance Read and write permissions on the destination database For more information, see Manage database accounts.
ApsaraDB RDS for MariaDB TX instance Read and write permissions on the destination database For more information, see Create an account on an ApsaraDB RDS for MariaDB TX instance.
ApsaraDB RDS for SQL Server instance Read and write permissions on the destination database For more information, see Create an account on an ApsaraDB RDS for SQL Server instance.
Self-managed SQL Server database The ALL permission on the destination database For more information, see CREATE USER.
ApsaraDB RDS for PostgreSQL instance
  • Schema migration: the CREATE and USAGE permissions on the migrated objects
  • Full data migration: permissions of the schema owner
  • Incremental data migration: the permissions of the schema owner
For more information, see Create an account on an ApsaraDB RDS for PostgreSQL instance.
Self-managed PostgreSQL database The ALL permission on the destination database For more information, see CREATE USER and GRANT.
PolarDB for Oracle cluster Permissions of the schema owner For more information, see Create database accounts
Self-managed Oracle database Permissions of the schema owner For more information, see CREATE USER and GRANT.
ApsaraDB for MongoDB instance The dbAdminAnyDatabase permission, the read and write permissions on the destination database, and the read permissions on the local database For more information, see Manage user permissions on MongoDB databases.
Self-managed MongoDB database Read and write permissions on the destination database and the read permissions on the local database For more information, see db.createUser().
ApsaraDB for Redis instance If you use the instance password, no authorization is required. None
If you use a custom account, the read and write permissions are required. For more information, see Create and manage database accounts.
Self-managed Redis database The database password must be valid. None