All Products
Search

This Product

    Dataphin:Request consumption permission

    Document Center

    Dataphin:Request consumption permission

    Last Updated:Nov 18, 2025

    To use an asset, you must request its consumption permission, which is the permission to access table data. This topic describes how to request consumption permission for a table.

    Prerequisites

    You have purchased the Asset Operation value-added service, and the Asset Operation module is enabled for the current tenant.

    Limits

    You can request consumption permission for a table if it is a Dataphin table or if its data source is MySQL (excluding version 5.1.43), Oracle, MaxCompute, or Hive (excluding CDH 5.x Hive 1.1.0).

    Approval flow description

    If you change the approval flow settings (for example, by disabling permission requests) after an approval request for data table permission is submitted, the existing approval request is not affected. The requested permission is granted only after the approval process is complete.

    Consumption Permissions for an Application

    You can request consumption permission for a single asset or add assets to the Application Cart to request permissions in a batch. To add an asset from the Application Cart to the permission request page, click the image icon in the Actions column of the Application Cart panel.

    Request a single consumption permission

    1. On the Dataphin home page, go to Asset > Asset Catalog in the top menu bar.

    2. Select the target asset and click Request Permission to open the permission request page.

    3. On the Request Permission page, configure the parameters.

      Parameter

      Description

      Request Scope

      Asset Information

      Shows the asset's name, highest confidentiality level (requires the data security module), and row-level permission information.

      Row-level permissions: If the requested data table or account is controlled by row-level permissions, click Row-level permissions or hover your mouse over the image icon next to a field to view the control information.

      image

      Request Configuration

      Shows the available consumption channels for the asset, including Notebook analysis, Quick BI dashboards, and Quick BI Downloads.

      Permission Granularity

      By default, permission for the entire table is selected. You can change this to field-level permission.

      • Table-Level Permission: Grants permission for the entire table, including all its fields. Any new fields added later are automatically granted. Table-level authorization is more efficient. Use this option when the table contains no sensitive data. You can evaluate this based on the table's highest confidentiality level (requires the asset security feature).

      • Field-level Permission: Requests permission for only specified fields, following the principle of least privilege.

      • Select By Data Classification: If the data security feature is enabled, you can quickly select fields of a specific classification in a batch based on the fields' highest confidentiality level.

      Field List

      • By default, all fields in the table are selected. You can quickly filter fields by data classification (requires the data security module), selection status, or batch selection. You can also search by field display name or field name.

      • The field list shows the ordinal number, field name, field display name, field description, field type, data classification, and data categorization information.

      Row-level Permission Selection

      Displays the row-level permissions associated with the selected table join. This includes the row-level permission name, description, joined table, whether a request is required, and control rule information.

      • Is Request Required: Indicates whether the selected account has the required control rule permissions for the row-level permissions on the current joined table.

        • If Yes, the selected account does not have the control rule permissions. A request is recommended. Click the View icon to see the account that needs to request control rule permissions in the The Selected Account Has The Following Control Rule Permissions For The Current Row-level Permissions: dialog box.

        • If No, the selected account has control rule permissions for one or more row-level permissions on the current joined table. You can add other control rules. Click the View icon to see the control rules for the requested row-level permissions in the The Selected Account Has The Following Control Rule Permissions For The Current Row-level Permissions: dialog box.

      • Control Rule: Lets you select a configured control rule for the current row-level permission.

      Request Information

      Validity Period

      Select the duration for the consumption permission. Options include 30 days, 90 days, 180 days, long-term, and custom.

      Request Reason

      Enter a reason for the permission request. The reason is for the approver to review and cannot exceed 500 characters.

      For consumption permissions, if some fields are subject to a rule that prevents permission requests, you cannot request table-level permission, but you can request field-level permission. When you request field-level permission, the system automatically ignores fields for which permission cannot be requested. For more information about data permission approval rules, see Data permission approval configuration or .

    4. Click Submit. You can view the details of the approval task under Task Hub > My Initiated.

    Request consumption permissions in a batch

    1. On the Dataphin home page, go to Asset > Asset Catalog in the top menu bar.

    2. Select the required assets and click Add To Application Cart. Then, click Application Cart to open the Application Cart dialog box.

    3. In the Application Cart dialog box, select the assets for which you want to request permissions. You can select up to 50 assets in a single batch request. After you make your selections, click the Request button at the bottom.

    4. On the Request Permission page, configure the parameters.

      Parameter

      Description

      Request Scope

      Batch Configure Request Scope

      Applies to all assets in the current request. If you enable batch configuration, you cannot change the permission configuration for individual assets.

      • Table-Level Permission: Grants permission for the entire table, including all its fields. Any new fields added later are automatically granted. Table-level authorization is more efficient. Use this option when the table contains no sensitive data. You can evaluate this based on the table's highest confidentiality level (requires the asset security feature).

      • Field-level Permission: Requests permission for only specified fields, following the principle of least privilege.

      • Select By Data Classification: If the data security feature is enabled, you can quickly select fields of a specific classification in a batch based on the fields' highest confidentiality level.

      Note

      The data security module must be enabled to request field-level permission by selecting specified fields based on data classification.

      Asset List

      Click an asset name to view its field details. To remove an asset from the request list, click the cancel request image icon.

      Asset Information

      Shows the asset's name, highest confidentiality level (requires the data security module), and row-level permission information.

      Row-level permissions: If the requested data table or account is controlled by row-level permissions, click Row-level permissions or hover your mouse over the image icon next to a field to view the control information.

      image

      Request Configuration

      Shows the available consumption channels for the asset, including Notebook analysis, Quick BI dashboards, and Quick BI Downloads.

      Permission Granularity

      By default, permission for the entire table is selected. You can change this to field-level permission.

      • Table-Level Permission: Grants permission for the entire table, including all its fields. Any new fields added later are automatically granted. Table-level authorization is more efficient. Use this option when the table contains no sensitive data. You can evaluate this based on the table's highest confidentiality level (requires the asset security feature).

      • Field-level Permission: Requests permission for only specified fields, following the principle of least privilege.

      • Select By Data Classification: If the data security feature is enabled, you can quickly select fields of a specific classification in a batch based on the fields' highest confidentiality level.

      Note

      The data security module must be enabled to request field-level permission.

      Field List

      • By default, all fields in the table are selected. You can quickly filter fields by data classification (requires the data security module), selection status, or batch selection. You can also search by field display name or field name.

      • The field list shows the ordinal number, field name, field display name, field description, field type, data classification, and data categorization information.

      Row-level Permission Selection

      Displays the row-level permissions associated with the selected table join. This includes the row-level permission name, description, joined table, whether a request is required, and control rule information.

      • Is Request Required: Indicates whether the selected account has the required control rule permissions for the row-level permissions on the current joined table.

        • If Yes, the selected account does not have the control rule permissions. A request is recommended. Click the View icon to see the account that needs to request control rule permissions in the The Selected Account Has The Following Control Rule Permissions For The Current Row-level Permissions: dialog box.

        • If No, the selected account has control rule permissions for one or more row-level permissions on the current joined table. You can add other control rules. Click the View icon to see the control rules for the requested row-level permissions in the The Selected Account Has The Following Control Rule Permissions For The Current Row-level Permissions: dialog box.

      • Control Rule: Lets you select a configured control rule for the current row-level permission.

      Request Information

      Validity Period

      Select the duration for the consumption permission. Options include 30 days, 90 days, 180 days, long-term, and custom.

      Request Reason

      Enter the reason for the consumption permission request. This helps the approver review the request. The reason cannot exceed 500 characters.

      For consumption permissions, if some fields are subject to a rule that prevents permission requests, you cannot request table-level permission, but you can request field-level permission. When you request field-level permission, the system automatically ignores fields for which permission cannot be requested. For more information about data permission approval rules, see Data permission approval configuration or .

    5. Click Submit. You can view the details of the approval task under Task Hub > My Initiated.

    What to do next

    After your consumption permission request is approved, you can view all your available assets in the My Available list. For more information, see View and manage my available assets.