Dataphin:Request, Renew, and Return Table Permissions

Prerequisites

To use table permissions for data sources, you must first configure data collection tasks for MySQL and Oracle databases in the Metadata Center.

Limits

Permission requests are supported only for tables from Oracle and MySQL data sources.

Approval Process

If you change the approval process settings after a table permission request is submitted, such as switching the process from enabled to disabled, the original approval process still applies. If the request is approved, the permissions are granted.

Permission Request Guidelines

• When you request permission to alter a table schema, modify table data, or delete a table, only table-level permissions are supported. You cannot request a permission type if it cannot be requested for any of the involved fields.

• For table data query permissions, if rules prohibit permission requests for certain fields, you cannot request table-level permissions. Instead, you must request field-level permissions. The system automatically ignores fields for which permissions cannot be requested when you apply for field-level permissions. For more information about data permission approval rules, see Data Permission Approval Configuration.

• To request permission to create a table, you must be a member of the target project and have a role that includes the Asset Permissions - Create permission.

  • If the production data security mode is enabled, you must submit a publishing workflow to create tables in the production environment. If this mode is disabled, you can create tables in the development environment, provided you are a member of the target project and your role includes the Asset Permissions - Create permission. For more information about enabling the production data security mode, see Security Settings.

  • If the cross-project security mode is enabled, you can create tables only within the project associated with the task. Cross-project table creation is not permitted. For more information about enabling the cross-project security mode, see Security Settings.

• To request permission to alter a table schema, such as dropping an index or a view, you can apply directly through a table permission request. For more information, see Request Table Permissions.

• To request permission to delete a table, you can apply directly through a table permission request. For more information, see Request Table Permissions.

• To request permission to modify table data, you can apply directly through a table permission request. For more information, see Request Table Permissions.

Application Form Permissions

1. On the Dataphin homepage, in the top menu bar, select Management Hub > Permission Management.

2. In the left navigation pane, choose My Permissions > Table Permissions. On the Table Permission page, click Request Table Permissions in the upper-right corner.

3. On the Request Table Permissions page, you can configure the parameters.

   Parameter	Description
   Account Type	Based on your business scenario, you can grant table permissions to one or more of the following: User Account, Project Account, or User Group. User Account is used for data modeling and development in the development environment. Data developed under this account is published to the production environment through a publishing workflow. If you select User Account, specify an Expired At date. Project Account is used to manage and run tasks submitted to the production environment. If you select Project Account, specify the Target Project. User Group is used to manage permissions for members in the group. If you select User Group, specify the User Group and an Expired At date.
   Application Form Name	Select the compute source table or data source table for which you need permissions. You can perform a fuzzy search by table name keyword, add multiple tables in bulk, or click the icon to filter precisely by Business Unit/Project or Table Type. Table Type: Options include Physical Table, Meta Table, Mirror Table, View, Materialized View, Logical View, and Logical Table. Business Unit/Project: When selecting Logical View or Logical Table, choose the business unit where the logical table resides. When selecting Physical Table, Meta Table, Mirror Table, or View, choose the project where the physical table resides. Bulk Add Tables: Click Bulk Search and Add. In the Bulk Search dialog box, enter the table names. For compute source tables, use project.table or business_unit.table for exact search. For data source tables, use DB/Schema.table for exact search. Separate multiple table names with semicolons (;), commas (,), or line feeds (\n). You can add up to 50 tables at once. Note You can request permissions for up to 100 tables in a single bulk operation. Filters are optional. Without filters, you can select tables of mixed types. With filters, you can narrow results precisely.
   Select Fields	By default, the entire table is selected. You can modify this selection. When selecting multiple tables, all fields are selected by default (Select All), but you can adjust as needed. After selecting a table, configure permissions: Permission Granularity: Table-Level Permission: Shows the table’s highest sensitivity level (requires Asset Security enabled). Grants access to all fields in the table. New fields added later are automatically included. Use this option when the table contains no sensitive data. Field-Level Permission: Grants access only to selected fields. New fields require separate permission requests. Use this option when the table contains sensitive data and you need fine-grained control. Select by Sensitivity Level: Requires Data Security enabled. Lets you quickly select fields based on their sensitivity classification. If the table’s project/business unit/data source has a custom permission approval policy enabled, the approval template is determined by the table’s highest sensitivity level. If no sensitivity level is assigned, the default approval template is used. Permission Type: Varies by table type as follows: For the Logical View, Physical View, and Modeling Logical Table table types, Query Table Data is always selected. For Physical Table: Select is selected by default. You can also select Write, Delete, or Alter. For table types Metatable and Mirror Table, the default selection is Query Table Data, and you can also select Modify Table Data. For Datasource Table, Datasource View, or Datasource Materialized View: Select is selected by default and cannot be changed. The field list displays the following information: Serial Number, Field Name, Field Description, Data Type, Data Class, and Data Sensitivity Level. If row-level permissions apply to the selected table and account, click Row-Level Permission Effective to view details.
   Row-Level Permission Selection	If the selected associated table has row-level permissions configured, you can request them simultaneously. The system displays the row-level permission name, description, associated table, whether a request is needed, and control rules. Request Required: Indicates whether the selected account already has control rule permissions for the current associated table. If Yes, the account lacks the required permissions. We recommend requesting them. Click the View icon to open the Control Rule Permissions for Selected Account on Current Row-Level Permission: dialog box and review the accounts needing permission. If No, the account already has one or more control rule permissions. You can add additional rules. Click the View icon to open the Control Rule Permissions for Selected Account on Current Row-Level Permission: dialog box and review existing permissions. Control Rule: Select a control rule configured for the current row-level permission.
   Request Reason	Enter a reason for the permission request. This helps approvers understand your needs. The reason must be 5 to 500 characters long.

4. Click Submit to complete the request.

Table Permission Details

On the Table Permissions page, click the In Effect, Out of Effect, or Application Record tab to view permissions in different states.