When you configure a data synchronization task, you must specify the database accounts for the source and destination databases. The database accounts are used for data synchronization. Different databases and synchronization types require different permissions. You must create and authorize database accounts before you configure a data synchronization task.

Permissions required for the source database account

| Database | Required permission | References |
| --- | --- | --- |
| ApsaraDB RDS for MySQL instance | Read permissions on the objects to synchronize | Create databases and accounts for an ApsaraDB RDS for MySQL instance and Modify the permissions of a standard account on an ApsaraDB RDS for MySQL instance |
| Self-managed MySQL database | The SELECT permission on the objects to synchronize; the REPLICATION CLIENT, REPLICATION SLAVE, and SHOW VIEW permissions; and permissions to create databases and tables. The permissions allow Data Transmission Service (DTS) to create a database named dts to record heartbeat data during synchronization. | Create an account for a user-created MySQL database and configure binary logging |
| PolarDB for MySQL cluster | Read permissions on the objects to synchronize | Create a database account |
| PolarDB for Oracle cluster | Permissions of a privileged account | Create database accounts |
| PolarDB-X 1.0 instance | Read permissions on the objects to synchronize | Manage database accounts |
| ApsaraDB RDS for SQL Server instance | The owner permission on the source database. Note: A privileged account has the required permissions. | Modify the permissions of a standard account on an ApsaraDB RDS for SQL Server instance |
| Self-managed SQL Server database | The permissions of the sysadmin role | CREATE USER and GRANT (Transact-SQL) |
| ApsaraDB RDS for PostgreSQL instance | Permissions of a privileged account. The account must be the owner of the database. Note: If the source database runs on an ApsaraDB RDS for PostgreSQL instance V9.4 and you synchronize only DML operations, the database account must have the REPLICATION permission. | Create an account on an ApsaraDB RDS for PostgreSQL instance and Create a database on an ApsaraDB RDS for PostgreSQL instance |
| Self-managed PostgreSQL database | Permissions of the superuser role | CREATE USER and GRANT |
| ApsaraDB for Redis instance | Read permissions on the objects to synchronize | Create and manage database accounts |
| Self-managed Redis database | The PSYNC or SYNC statement can be executed on the source Redis database. | None |
| ApsaraDB for MongoDB instance | Full data migration: read permissions on the source database. Incremental data migration: read permissions on the source database, the admin database, and the local database. | For more information, see Manage user permissions on MongoDB databases. |
| Self-managed MongoDB database | Full data migration: the read permissions on the source database. Incremental data migration: the read permissions on the source database, the admin database, and the local database. | For more information, see db.createUser(). |
| Self-managed TiDB database | The SELECT permission on objects to migrate and the SHOW VIEW permission | Privilege Management |

Permissions required for the destination database account

| Database | Required permission | References |
| --- | --- | --- |
| ApsaraDB RDS for MySQL instance | Read and write permissions on the destination database | Create databases and accounts for an ApsaraDB RDS for MySQL instance and Modify the permissions of a standard account on an ApsaraDB RDS for MySQL instance |
| Self-managed MySQL database | The ALL permission on the destination database | Create an account for a user-created MySQL database and configure binary logging |
| PolarDB for MySQL cluster | The ALL permission on the destination database | Create a database account |
| PolarDB for Oracle cluster | The permissions of the database owner | You can specify the database owner when you create a database. |
| PolarDB-X 1.0 instance | Write permissions on the objects to synchronize | Manage database accounts |
| ApsaraDB for Redis instance | If you use the instance password, no authorization is required. | None |
| ApsaraDB for Redis instance | If you use a custom account, read and write permissions are required. | Create and manage database accounts |
| Self-managed Redis database | The database password must be valid. | None |
| ApsaraDB for MongoDB instance | The dbAdminAnyDatabase permission, read and write permissions on the destination database, and read permissions on the local database | For more information, see Manage user permissions on MongoDB databases. |
| Self-managed MongoDB database | The dbAdminAnyDatabase permission, the read and write permissions on the destination database, and the read permissions on the local database | For more information, see db.createUser(). |
| AnalyticDB for MySQL cluster | Version 2.0: DTS automatically creates a database account and grants permissions to the account. You do not need to specify the database account. Version 3.0: Read and write permissions are required. | Version 3.0: Create a database account |
| AnalyticDB for PostgreSQL instance | The initial account or an account that has the RDS_SUPERUSER permission is required. | |
| Message Queue for Apache Kafka instance | N/A. Note: If the instance type of the Message Queue for Apache Kafka instance is VPC Instance, you do not need to specify the database account or database password. | None |
| Self-managed Kafka cluster | N/A. Note: If no authentication is enabled for the Kafka cluster, you do not need to enter the username or password. | None |
| DataHub project | You do not need to specify the database account when you configure the task. | None |
| Elasticsearch cluster | The logon name and logon password that are specified when you create the Elasticsearch cluster. The default logon name is elastic. | Create an Elasticsearch cluster |
| MaxCompute project | The CREATE TABLE, CREATE INSTANCE, CREATE RESOURCE, CREATE JOB, and List permissions on the project to synchronize | When you configure the data synchronization task, DTS automatically authorizes the database account. |
| Tablestore | You do not need to specify the database account when you configure the task. | None |
| ClickHouse cluster | Read and write permissions on the objects to synchronize | Create an account |

Permissions required for the database accounts in two-way data synchronization tasks

The following table lists the permissions that are required for the source and destination database accounts in two-way data synchronization tasks. The permissions allow DTS to create a database named dts in the source and destination databases to prevent circular data replication.

| Database | Required permission | References |
| --- | --- | --- |
| ApsaraDB RDS for MySQL instance | Permissions of a privileged account | Create databases and accounts for an ApsaraDB RDS for MySQL instance |
| Self-managed MySQL database | The SELECT permission on the objects to synchronize; the REPLICATION CLIENT, REPLICATION SLAVE, and SHOW VIEW permissions; and the permissions to create databases and tables. The permissions allow DTS to create a database named dts to prevent circular data replication. | Create an account for a user-created MySQL database and configure binary logging |
| ApsaraDB RDS for PostgreSQL instance | Permissions of a privileged account. The account must be the owner of the database. | Create an account on an ApsaraDB RDS for PostgreSQL instance and Create a database on an ApsaraDB RDS for PostgreSQL instance |
| Self-managed PostgreSQL database | Permissions of the superuser role | CREATE USER and GRANT |
| PolarDB for MySQL cluster | Permissions of a privileged account | Create a database account |
| ApsaraDB for Redis instance | If you use the instance password, no authorization is required. | None |
| ApsaraDB for Redis instance | If you use a custom account, the read and write permissions are required. | Create and manage database accounts |
| Self-managed Redis database | The PSYNC or SYNC statement can be executed on the source Redis database. | None |
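
The following added example (not part of the original documentation) shows how the permissions listed for a self-managed MySQL source database, in both the one-way and the two-way tables, map onto scoped GRANT statements, followed by queries to review the result. The account name dts_sync, the host pattern 203.0.113.%, the schema name appdb, and the scoping of the create permission to the dts schema are assumptions of this example.

```sql
-- Added example. Assumptions (not from the page): account name dts_sync,
-- host pattern 203.0.113.% (a documentation address range), schema appdb.
CREATE USER 'dts_sync'@'203.0.113.%'
  IDENTIFIED BY 'REPLACE_WITH_GENERATED_SECRET';

-- Read access, scoped to the schema that holds the objects to synchronize.
GRANT SELECT, SHOW VIEW ON `appdb`.* TO 'dts_sync'@'203.0.113.%';

-- REPLICATION CLIENT and REPLICATION SLAVE are global privileges in MySQL
-- and can only be granted ON *.*.
GRANT REPLICATION CLIENT, REPLICATION SLAVE ON *.*
  TO 'dts_sync'@'203.0.113.%';

-- Create rights limited to the dts database that DTS creates.
-- Assumption: the DML privileges are included so rows can be written there;
-- the page itself names only the permissions to create databases and tables.
GRANT CREATE, SELECT, INSERT, UPDATE, DELETE ON `dts`.*
  TO 'dts_sync'@'203.0.113.%';

-- Review 1: the complete grant list for the account.
SHOW GRANTS FOR 'dts_sync'@'203.0.113.%';

-- Review 2: global privileges beyond the two replication ones.
-- Any row returned is an excess privilege to revoke.
SELECT privilege_type
FROM information_schema.user_privileges
WHERE grantee = '''dts_sync''@''203.0.113.%'''
  AND privilege_type NOT IN ('REPLICATION CLIENT', 'REPLICATION SLAVE', 'USAGE');

-- Review 3: schema-level privileges outside appdb and dts.
-- Any row returned is a grant on a schema the task does not need.
SELECT table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE grantee = '''dts_sync''@''203.0.113.%'''
  AND table_schema NOT IN ('appdb', 'dts');
```

Run the review queries as an administrative user, because an ordinary account sees only its own rows in these information_schema tables.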