If you need to use tables developed by others, you must request permissions for those tables. This topic describes how to request, renew, and return table permissions.
Prerequisites
You need to configure collection tasks for MySQL and Oracle databases in the Metadata Center to use data source table permissions.
Limits
Only Oracle and MySQL data source tables support permission requests.
Approval process description
If the approval process settings are modified after a table permission request approval form has been generated (such as changing permission requests from enabled to disabled), the request still follows the settings that applied at the time of application. If the approval is granted, the permissions are assigned.
Permission request description
When requesting permissions to modify table structure, modify table data, or delete a table, only table-level permissions are supported. If any field is subject to permission restrictions, you cannot request that permission type.
For table data query permissions, if some fields are subject to permission restrictions, you cannot request table-level permissions but can request field-level permissions. When requesting field-level permissions, the system automatically ignores permission requests for restricted fields. For details about data permission approval rules, see Data permission approval configuration.
When requesting permissions to create a table, you need to join the target project, and your role must include the Asset Permission-Create permission point.
If production data security mode is enabled, you need to submit a release process to create tables in the production environment. If production data security mode is disabled, you can create tables in the development environment after joining the target project and having a role with the Asset Permission-Create permission point. For more information, see Security settings.
If cross-project security mode is enabled, you can only create tables in the project where the task is located and cannot create tables across projects. For more information, see Security settings.
When requesting permissions to modify table structure, such as deleting indexes or views, you can directly request these permissions in the table permission request. For more information, see Request table permissions.
When requesting permissions to delete a table, you can directly request these permissions in the table permission request. For more information, see Request table permissions.
When requesting permissions to modify table data, you can directly request these permissions in the table permission request. For more information, see Request table permissions.
Request table permissions
On the Dataphin homepage, choose Management Hub > Permission Management from the top navigation bar.
In the left-side navigation pane, choose My Permissions > Table Permissions. On the Table Permission page, click Request Table Permission in the upper-right corner.
On the Request Table Permission page, configure the parameters.
Parameter
Description
Account Type
Based on your business scenario, you can grant table permissions to User Account, Project Account, and User Group simultaneously, or grant permissions to them individually.
User Account is used for data modeling and development in the development environment, and publishing data to the production environment. If you select User Account, you need to select Valid Until.
Project Account is used to manage and run tasks submitted to the production environment. If you select Project Account, you need to select Project.
User Group is used to manage permissions for members in the user group. If you select User Group, you need to select User Group and Valid Until.
Request Table Name
Select the tables for which you need to request permissions. You can perform a fuzzy search based on table name keywords, or click the icon to filter tables precisely by Business Unit/Project/Data Source and Table Type.
Table Type: You can select Physical Table, Meta Table, Mirror Table, View, Materialized View, Logical View, Logical Table, Datasource Table, Datasource View, or Datasource Materialized View.
Business Unit/Project/Data Source: When the table type is Logical View or Logical Table, we recommend selecting the business unit where the logical table is located. When the table type is Physical Table, Meta Table, Mirror Table, or View, we recommend selecting the project where the physical table is located. When the table type is Datasource Table, Datasource View, or Datasource Materialized View, we recommend selecting the data source where the data source table is located.
Note: You can select a maximum of 100 tables for batch permission requests.
Filter options are not required. If you do not select filter options, you can select multiple types of tables. If you select filter options, you can filter tables precisely.
Select Fields
By default, the entire table is selected for you, which you can modify. When selecting multiple tables, Select All is selected by default, which you can modify.
After selecting a table, you need to configure permissions:
Permission Granularity:
Table-Level Permission: Shows the highest confidentiality level of the table (requires the Asset Security feature to be enabled). Grants permissions for the entire table, including all fields, and automatically grants permissions for any future field changes. Table-level authorization is more efficient and recommended when there is no sensitive data.
Field-Level Permission: Grants permissions based on current fields. New fields added later require separate permission requests/authorizations. Recommended when the table contains sensitive data and field-level permission control is needed.
Select By Confidentiality Level: When selected, the system updates the selected fields below based on the highest confidentiality level (fields without data classification, represented by -, will also be selected).
Permission Type: Different table types support different permission types. Details are as follows:
For table types Logical View, View, and Logical Table: Select is selected by default and cannot be modified.
For table type Physical Table: Select is selected by default, and you can also select Write, Delete, and Alter.
For table types Meta Table and Mirror Table: Select is selected by default, and you can also select Write.
For table types Datasource Table, Datasource View, and Datasource Materialized View: Select is selected by default and cannot be modified.
The field list displays Serial Number, Field Name, Field Description, Data Type, Data Class, and Data Sensitivity Level information.
When the requested data table and account are subject to row-level permission control, you can click Row-Level Permission Effect to view row-level permission information.
Request Reason
Enter the reason for requesting table permissions to help approvers review the request. The reason must contain at least 5 characters and no more than 500 characters.
Click Submit to complete the table permission request.
Data table permission details
On the data table permission page, click the In Effect, Out Of Effect, or Application Record tab to view data table permission details in different states.
Data table permissions in effect
Displays information about the data object name, table type, business unit/project/data source, permission expiration date, permission account, and permission type.
You can search by keywords in the data table name or the business unit/project/data source, filter by business unit/project/data source, account type, or table type, or use the quick filter to view data tables Expiring In 7 Days.
You can perform the following operations on the filtered data tables.
Operation
Description
View Data Table Permission Details
Click the name of the data object to view the data table permission details. For more information, see Data table details in effect.
Return
Return all permissions on the data table (including table and field permissions). In the Return Permission dialog box, click OK.
Renewal
Extend the usage period for tables or fields. In the Renew Permission dialog box, select Valid Until, enter the Renewal Reason, and click OK.
Note: When the renewal scope is Field-Level Permission, the system automatically ignores fields that cannot be requested during renewal.
When the renewal scope is Table-Level Permission, you need to reapply for the data table permission.
If you need to customize the fields for renewal, you can submit a renewal request on the details page of the data table in effect. For more information, see Data table details in effect.
Data table details in effect
You can view the basic information and permission details of data tables in effect, and perform permission request operations.
Basic Information: Displays the table name, table's business unit/project/data source, environment, permission account, and table owner information. You can click the Return Table Permission button in the upper-right corner to return the permissions for this table.
Permission Details: Displays table-level permissions, field-level permissions, and row-level permissions details.
Table-Level Permission: Displays permission types and expiration dates.
Query Table Data: Having table-level query permission allows you to query any field in the table, including fields added later. You can also apply for field-level query permissions separately, and the system will use the permission with the longest validity period.
Modify Table Data: Table-level permission to modify the data in the table.
Delete Table: Permission to delete the entire table (Drop).
Modify Table Structure: Permission to modify the table structure, such as adding or removing fields or modifying the table name.
Field-Level Permission: Displays only field permissions that were requested separately. The final permission check uses whichever of the table-level and field-level permissions has the longer validity period.
Row-Level Permission: Displays the permission name and rule name information for row-level permissions enabled on the table.
Renewal: You can apply for field permissions separately. Select the fields to be renewed, and in the Renew Permission dialog box, select Valid Until, enter the Renewal Reason, and click OK.
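The resolution rule described above (table-level query permission covers fields added later, field-level permission covers only the fields named in the request, and the longer validity period wins) can be modelled as follows. This is an added example, not Dataphin code: the class, method, and column names are hypothetical, the dates are constructed, and treating the expiration date itself as still valid is an assumption.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Set


@dataclass
class QueryGrants:
    """Hypothetical model of one account's query grants on one table."""
    columns: Set[str]                          # fields that exist today
    table_until: Optional[date] = None         # table-level expiry, if granted
    field_until: Dict[str, date] = field(default_factory=dict)

    def add_column(self, name: str) -> None:
        # Schema change after the grant: no field-level entry is created,
        # so only a table-level grant can cover the new field.
        self.columns.add(name)

    def effective_until(self, column: str) -> Optional[date]:
        """Expiry that decides a query on `column`; None means no grant."""
        if column not in self.columns:
            return None
        dates = [d for d in (self.table_until, self.field_until.get(column)) if d]
        return max(dates) if dates else None   # longer validity period wins

    def can_query(self, column: str, today: date) -> bool:
        until = self.effective_until(column)
        # Assumption: a grant is still valid on its expiry date.
        return until is not None and today <= until

    def expiring_within(self, today: date, days: int = 7) -> List[str]:
        """Columns whose effective grant lapses in the next `days` days."""
        limit = today + timedelta(days=days)
        out = []
        for col in sorted(self.columns):
            until = self.effective_until(col)
            if until is not None and today <= until <= limit:
                out.append(col)
        return out


def sample_grants() -> QueryGrants:
    # Constructed data: table-level grant to 5 June, longer field-level on email.
    g = QueryGrants(columns={"id", "email", "amount"},
                    table_until=date(2024, 6, 5),
                    field_until={"email": date(2024, 9, 1)})
    g.add_column("phone")                      # field added after the grant
    return g
```

With the sample data, the email field stays queryable after the table-level grant lapses, while the later-added phone field loses access at the same time as the table-level grant.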
Data table permissions out of effect
Displays information about the data object name, table type, business unit/project/data source, permission account, and permission type.
You can search by keywords in the data table name or the business unit/project/data source, or filter by business unit/project/data source, account type, or table type.
You can perform the following operations on the filtered data tables.
Operation
Description
View Data Table Permission Details
Click the name of the data object to view the data table permission details. For more information, see Data table details out of effect.
Request Permission
Request read, write, and other permissions for the data table. For more information, see Request table permissions.
Data table details out of effect
You can view the basic information and permission details of data tables out of effect, and perform permission request operations.
Basic Information: Displays the table name, table's business unit/project/data source, environment, permission account, and table owner information. You can click the Request Table Permission button in the upper-right corner to request permissions for this table. For more information, see Request table permissions.
Permission Details: Displays table-level permissions and field-level permissions details.
Table-Level Permission: Displays permission types and expiration dates.
Query Table Data: Having table-level query permission allows you to query any field in the table, including fields added later. You can also apply for field-level query permissions separately, and the system will use the permission with the longest validity period.
Modify Table Data: Table-level permission to modify the data in the table.
Delete Table: Permission to delete the entire table (Drop).
Modify Table Structure: Permission to modify the table structure, such as adding or removing fields or modifying the table name.
Field-Level Permission: Displays only field permissions that were requested separately. The final permission check uses whichever of the table-level and field-level permissions has the longer validity period.
Permission Request: You can apply for field permissions separately. For more information, see Request table permissions.
Data table permission application records
Displays information about the data object name, table type, business unit/project/data source, permission account, submission time, and application status.
You can search by keywords in the data table name or the business unit/project/data source, or filter application records by table type, account type, or application status.
You can perform the following operation on the filtered application records.
Approval Process: View the approval permissions for the data table. For more information, see View tasks initiated by me.