All Products
Search

This Product

    Dataphin:Request Consumption Permission

    Document Center

    Dataphin:Request Consumption Permission

    Last Updated:Mar 05, 2026

    To use an asset, you must request consumption permission (table data access permission). This topic describes how to request consumption permission for a table.

    Prerequisites

    You have purchased the Asset Operations value-added service and enabled the Asset Operations module for your current tenant.

    Limits

    • You can request consumption permission for data source tables only when the data table is a Dataphin table or the data source type is MySQL (except MySQL 5.1.43), Oracle, MaxCompute, or Hive (except CDH5.x Hive 1.1.0).

    • For consumption permissions, if some fields match rules that prohibit permission requests, you cannot request table-level permission. Instead, request field-level permission. When you request field-level permission, the system automatically skips fields that cannot be requested. For details about data permission approval rules, see Data Permission Approval Configuration.

    Approval Process

    If you change approval process settings (such as disabling permission requests) after an approval ticket for a data table has been created, the change does not affect the existing ticket. You receive the requested permission only after the ticket is approved.

    Request Table Consumption Permission

    You can request a single consumption permission. You can also add assets to the Application Cart to request permissions in batch. If you are requesting consumption permissions and need to add an asset from the Application Cart to the permission request page, click the image icon in the Actions column of the Application Cart panel.

    Request a Single Consumption Permission

    1. On the Dataphin homepage, in the top menu bar, choose Asset > Asset Catalog.

    2. Select the target asset and click Request Permission to go to the permission request page.

    3. On the Request Permission page, configure the parameters.

      Parameter

      Description

      Request Scope

      Asset Information

      Displays the asset name, highest sensitivity level (requires the Data Security module), and row-level permission information.

      Row-Level Permissions: If the requested data table or account is subject to row-level permission controls, click Row-Level Permissions or hover over the image icon next to a field to view control details.

      image

      Request Configuration

      Shows available consumption channels for the asset, including Notebook analysis, Quick BI dashboards, and Quick BI Downloads.

      Permission Granularity

      Table-level permission is selected by default. You can change it to field-level permission.

      • Table-Level Permission: Grants access to all fields in the table upon approval. Any new fields added later are automatically authorized. Table-level permission is more efficient. Use it when the table contains no sensitive data. Evaluate based on the table’s highest sensitivity level (requires the Asset Security feature).

      • Field-Level Permission: Grants access only to specified fields, following the principle of least privilege.

      • Select by Data Classification: Requires the Data Security feature. Lets you quickly select fields of a specific sensitivity level in bulk.

        If the project, business unit, or data source of the table has a custom permission approval policy with permission requests enabled, the approval template is determined by the table’s highest sensitivity level. If the table has no data classification, the default approval template is used.

      Field List

      • All fields in the table are selected by default. You can quickly filter fields using Data Sensitivity Level (requires the Data Security module), All Fields, Selected Fields, Unselected Fields, or Batch Select. You can also search by field display name or field name.

      • The field list shows the ordinal number, field name, field display name, field description, field type, data classification, and data sensitivity level.

      Row-Level Permission Selection

      Shows row-level permissions associated with the selected related table, including permission name, description, related table, whether a request is needed, and control rule information.

      • Request Required: Indicates whether the selected account has permission for the row-level control rules of the current related table.

        • If Yes, the selected account lacks permission for the row-level control rules of the current related table. We recommend requesting permission. Click the View icon to open the Control rule permissions for the selected account on the current row-level permission: dialog box and view the accounts that require permission.

        • If No, the selected account already has permission for one or more row-level control rules of the current related table. You can add other control rules. Click the View icon to open the Control rule permissions for the selected account on the current row-level permission: dialog box and view the granted row-level control rules.

      • Control Rule: Lets you select a control rule configured for the current row-level permission.

      Request Information

      Validity Period

      Select a validity period for the consumption permission: 30 days, 90 days, 180 days, permanent, or a custom duration.

      Request Reason

      Enter a reason for the consumption permission request. This helps approvers understand your request. The reason must not exceed 500 characters.

    4. Click Submit. You can view the approval task details in Task Hub > My Requests.

    Request Consumption Permissions in Bulk

    1. On the Dataphin homepage, in the top menu bar, choose Asset > Asset Catalog.

    2. Select the target assets, click Add to Application Cart, then click Application Cart to open the Application Cart dialog box.

    3. In the Application Cart, select up to 50 assets for which you want to request permissions in bulk. After selection, click the Request button at the bottom.

    4. On the Request Permission page, configure the parameters.

      Parameter

      Description

      Request Scope

      Bulk Configure Request Scope

      Applies to all assets in this request. If bulk configuration is enabled, you cannot modify permission settings for individual assets.

      • Table-Level Permission: Grants access to all fields in the table upon approval. Any new fields added later are automatically authorized. Table-level permission is more efficient. Use it when the table contains no sensitive data. Evaluate based on the table’s highest sensitivity level (requires the Asset Security feature).

      • Field-Level Permission: Grants access only to specified fields, following the principle of least privilege.

      • Select by Data Classification: If you have enabled the Data Security feature, you can quickly select fields of a specific sensitivity level in bulk.

      Note

      You must enable the Data Security module to select fields by sensitivity level for field-level permission requests.

      Asset List

      Click an asset name to view field details. To remove an asset from the request list, click the cancel request image icon.

      Asset Information

      Displays the asset name, highest sensitivity level (requires the Data Security module), and row-level permission information.

      Row-Level Permissions: If the requested data table or account is subject to row-level permission controls, click Row-Level Permissions or hover over the image icon next to a field to view control details.

      image

      Request Configuration

      Shows available consumption channels for the asset, including Notebook analysis, Quick BI dashboards, and Quick BI Downloads.

      Permission Granularity

      Table-level permission is selected by default. You can change it to field-level permission.

      • Table-Level Permission: Grants access to all fields in the table upon approval. Any new fields added later are automatically authorized. Table-level permission is more efficient. Use it when the table contains no sensitive data. Evaluate based on the table’s highest sensitivity level (requires the Asset Security feature).

      • Field-Level Permission: Grants access only to specified fields, following the principle of least privilege.

      • Select by Data Classification: If you have enabled the Data Security feature, you can quickly select fields of a specific sensitivity level in bulk.

        If the project, business unit, or data source of the table has a custom permission approval policy with permission requests enabled, the approval template is determined by the table’s highest sensitivity level. If the table has no data classification, the default approval template is used.

      Field List

      • All fields in the table are selected by default. You can quickly filter fields using Data Sensitivity Level (requires the Data Security module), All Fields, Selected Fields, Unselected Fields, or Batch Select. You can also search by field display name or field name.

      • The field list shows the ordinal number, field name, field display name, field description, field type, data classification, and data sensitivity level.

      Row-Level Permission Selection

      Shows row-level permissions associated with the selected related table, including permission name, description, related table, whether a request is needed, and control rule information.

      • Request Required: Indicates whether the selected account has permission for the row-level control rules of the current related table.

        • If Yes, the selected account lacks permission for the row-level control rules of the current related table. We recommend requesting permission. Click the View icon to open the Control rule permissions for the selected account on the current row-level permission: dialog box and view the accounts that require permission.

        • If No, the selected account already has permission for one or more row-level control rules of the current related table. You can add other control rules. Click the View icon to open the Control rule permissions for the selected account on the current row-level permission: dialog box and view the granted row-level control rules.

      • Control Rule: Lets you select a control rule configured for the current row-level permission.

      Request Information

      Validity Period

      Select a validity period for the consumption permission: 30 days, 90 days, 180 days, permanent, or a custom duration.

      Request Reason

      Enter a reason for the consumption permission request. This helps approvers understand your request. The reason must not exceed 500 characters.

    5. Click Submit. You can view the approval task details in Task Hub > My Requests.

    What to Do Next

    After your consumption permission request is approved, you can view all My Available assets in the My Available list. For details, see View and manage my available assets.