All Products
Search

This Product

    Dataphin:Request, renew, and return table permissions

    Document Center

    Dataphin:Request, renew, and return table permissions

    Last Updated:Nov 18, 2025

    To use tables developed by other users, you must request permissions for those tables. You can also request row-level and column-level permissions. This topic describes how to request, renew, and return table permissions.

    Prerequisites

    To use data source table permissions, you must configure collection tasks for MySQL and Oracle databases in the Metadata Center.

    Limits

    You can request permissions only for tables in Oracle and MySQL data sources.

    Approval process

    If you submit a permission request for a table and then change the approval process settings, the system processes the request based on the settings that were in effect at the time of submission. For example, you might change the status of permission requests from enabled to disabled. Even in this case, if the original request is approved, the permissions are granted.

    Permission requests

    • When you request permissions to alter a table schema, modify table data, or delete a table, only table-level permissions are supported. If any field is subject to a permission rule that prevents the request, you cannot request that permission.

    • For table data query permissions, if some fields are subject to permission rules that prevent the request, you cannot request table-level permissions. However, you can request field-level permissions. When you request field-level permissions, the system automatically ignores the fields for which you cannot request permissions. For more information about data permission approval rules, see Data permission approval configuration.

    • To request permissions to create a table, you must join the destination project. Your role in the project must include the Asset > Create permission.

      • If the safe mode for production data is enabled, you must submit a publishing request to create tables in the production environment. If the safe mode for production data is disabled, you can create tables in the development environment after you join the destination project and are assigned a role that includes the Asset > Create permission. For more information about how to enable the safe mode for production data, see Security settings.

      • If the cross-project safe mode is enabled, you can create tables only in the project where the node resides. You cannot create tables across projects. For more information about how to enable the cross-project safe mode, see Security settings.

    • To request permissions to alter a table schema, such as deleting an index or view, you must submit a permission request for the table. For more information, see Request table permissions.

    • To request permissions to delete a table, you must submit a permission request for the table. For more information, see Request table permissions.

    • To request permissions to modify table data, you must submit a permission request for the table. For more information, see Request table permissions.

    Request table permissions

    1. On the Dataphin homepage, choose Management Hub > Permission Management from the top menu bar.

    2. In the navigation pane on the left, choose My Permissions > Table Permissions. On the Table Permission page, click Request Table Permission in the upper-right corner.

    3. On the Request Table Permission page, configure the parameters.

      Parameter

      Description

      Account Type

      As needed, you can grant table permissions to a User Account, Project Account, or User Group. You can also grant permissions to them individually.

      • A User Account is used for data modeling and development in the development environment. Data developed in the development environment is published to the production environment. If you select User Account, select a date for Valid Until.

      • A Project Account is used to manage and run nodes that are submitted to the production environment. If you select Project Account, select a Project.

      • A User Group is used to manage the permissions of members in the user group. If you select User Group, select a User Group and a date for Valid Until.

      Table Name

      Select the compute source tables and data source tables for which you want to request permissions. You can perform a fuzzy search by table name, add tables in batches, or click the image..png icon to filter tables by Business Unit/Project and Table Type.

      • Table Type: You can select Physical Table, Meta Table, Mirror Table, View, Materialized View, Logical View, or Logical Table.

      • Business Unit/Project: If the table type is Logical View or Logical Table, select the business unit where the logical table resides. If the table type is Physical Table, Meta Table, Mirror Table, or View, select the project where the physical table resides.

      • Batch add tables: Click Batch Search And Add. In the Batch Search dialog box, enter the names of the tables that you want to add. For compute source tables, you can perform a precise search using the `Project Name.Table Name` or `Business Unit.Table Name` format. For data source tables, you can perform a precise search using the `DB/Schema.table` format. Separate multiple table names with a semicolon (;), comma (,), or line feed (\n). You can add a maximum of 50 tables.

        Note

        • You can select a maximum of 100 tables for a batch permission request.

        • The filter conditions are optional. If you do not specify filter conditions, you can select tables of different types. If you specify filter conditions, you can accurately filter tables.

      Select Fields

      By default, the entire table is selected. You can change the selection. If you select multiple tables, Select All is selected by default. You can change the selection.

      After you select a table, configure its permissions.

      • Permission Granularity:

        • Table-Level Permission: Displays the highest sensitivity level of the table. The Asset Security feature is required. This option grants permissions on the entire table, including all fields. Permissions are automatically granted on new fields that are added to the table. Table-level authorization is efficient. We recommend that you use this option if the table does not contain sensitive data.

        • Field-Level Permission: Grants permissions based on the current fields. You must separately request permissions on new fields that are added to the table. We recommend that you use this option if the table contains sensitive data and you want to control field-level permissions.

        • Select By Sensitivity Level: If you select this option, the system updates the selected fields below based on the highest sensitivity level. Fields that are not classified, which are indicated by a hyphen (-), are also selected.

      • Permission Type: The supported permission types vary based on the table type.

        • If the table type is Logical View, View, or Logical Table, Select is selected by default and cannot be changed.

        • If the table type is Physical Table, Select is selected by default. You can also select Write, Delete, or Alter.

        • If the table type is Meta Table or Mirror Table, Select is selected by default. You can also select Write.

        • If the table type is Datasource Table, Datasource View, or Datasource Materialized View, Select is selected by default and cannot be changed.

      The field list displays the Serial Number, Field Name, Field Description, Data Type, Data Class, and Data Sensitivity Level.

      If the requested table and account are subject to row-level permission control, you can click Row-Level Permissions in Effect to view the row-level permission information.

      image

      Row-level Permission Selection

      If a selected table has associated row-level permissions, you can request them at the same time. The permission name, description, associated table, request requirement, and control rule are displayed.

      • Request Required: This is determined by whether the selected account has control rule permissions for the row-level permissions of the current associated table.

        • If Yes, this indicates that the selected account does not have the control rule permissions for the row-level permissions of the current associated table. We recommend that you request the permissions. Click the View icon, and in the The Control Rule Permissions Of The Selected Account For The Current Row-level Permissions Are: dialog box, view the account that requires the control rule.

        • If the value is No, this indicates that the selected account has permissions for one or more control rules of the row-level permissions for the current associated table. You can add other control rules. Click the View icon to view the granted control rules for the row-level permissions in the Control Rule Permissions Of The Selected Account For The Current Row-level Permissions: dialog box.

      • Control Rule: Select a control rule configured for the current row-level permissions.

      Request Reason

      Enter the reason for requesting table permissions. This helps the approver review the request. The reason must be 5 to 500 characters in length.

    4. Click Submit to complete the table permission request.

    Data table permission details

    On the data table permission page, you can click the In Effect, Out Of Effect, or Application Record tab to view data table permission details for different statuses.

    Data table permissions in effect

    • This tab displays the data object name, table type, business unit/project/data source, permission expiration date, permission account, and permission type.

    • You can search by data table name or business unit/project/data source. You can also filter by business unit/project/data source, account type, or table type. You can also use the quick filter to view data tables that are Expiring In 7 Days.

    • You can perform the following operations on the filtered data tables.

      Operation

      Description

      View Data Table Permission Details

      Click the name of the data object to view its permission details. For more information, see Data table details in effect.

      Return

      Return all permissions on the data table, including table-level and field-level permissions. In the Return Permission dialog box, click OK.

      Renewal

      Extend the validity period of permissions on a table or field. In the Renew Permission dialog box, select a date for Valid Until, enter a Renewal Reason, and then click OK.

      Note

      • If the renewal scope is Field-Level Permission, the system automatically ignores fields for which you cannot request permissions during renewal.

      • If the renewal scope is Table-Level Permission, you must reapply for the data table permissions.

      • If you want to renew permissions on specific fields, you can submit a renewal request on the details page of the data table whose permissions are in effect. For more information, see Data table details in effect.

    Data table details in effect

    You can view the basic information and permission details of data tables with active permissions, and perform permission request operations.

    • Basic Information: Displays the table name, the business unit/project/data source to which the table belongs, environment, permission account, and table owner. You can click the Return Table Permission button in the upper-right corner to return the permissions for this table.

    • Permission Details: Displays the details of table-level, field-level, and row-level permissions.

      • Table-Level Permission: Displays the permission types and expiration dates.

        • Query Table Data: If you have the table-level permission to query table data, you can query all fields in the table, including fields that are added later. You can also request permission to query data from specific fields. The permission with the longer validity period takes precedence.

        • Modify Table Data: The table-level permission to modify table data.

        • Delete Table: The permission to delete the entire table (DROP).

        • Alter Table Schema: The permission to alter the table schema, such as adding or removing fields or renaming the table.

      • Field-Level Permission: Displays only the permissions that are requested for specific fields. The final authorization is based on the permission with the longer validity period between the table-level and field-level permissions.

      • Row-Level Permission: Displays the permission name and rule name for the row-level permissions that are enabled on the table.

    • Renewal: You can request permissions for specific fields. Select the fields for which you want to renew permissions. In the Renew Permission dialog box, select a date for Valid Until, enter a Renewal Reason, and then click OK.

    Expired data table permissions

    • This tab displays the data object name, table type, business unit/project/data source, permission account, and permission type.

    • You can search by data table name or business unit/project/data source. You can also filter by business unit/project/data source, account type, or table type.

    • You can perform the following operations on the filtered data tables.

      Operation

      Description

      View Data Table Permission Details

      Click the name of the data object to view its permission details. For more information, see Expired data table details.

      Request Permission

      Request read, write, and other permissions on the data table. For more information, see Request table permissions.

    Expired data table details

    You can view the basic information and permission details of data tables with expired permissions, and perform permission request operations.

    • Basic Information: Displays the table name, the business unit/project/data source to which the table belongs, environment, permission account, and table owner. You can click the Request Table Permission button in the upper-right corner to request permissions for this table. For more information, see Request table permissions.

    • Permission Details: Displays the details of table-level and field-level permissions.

      • Table-Level Permission: Displays the permission types and expiration dates.

        • Query Table Data: If you have the table-level permission to query table data, you can query all fields in the table, including fields that are added later. You can also request permission to query data from specific fields. The permission with the longer validity period takes precedence.

        • Modify Table Data: The table-level permission to modify table data.

        • Delete Table: The permission to delete the entire table (DROP).

        • Alter Table Schema: The permission to alter the table schema, such as adding or removing fields or renaming the table.

      • Field-Level Permission: Displays only the permissions that are requested for specific fields. The final authorization is based on the permission with the longer validity period between the table-level and field-level permissions.

    • Permission Request: You can request permissions for specific fields. For more information, see Request table permissions.

    Application records of data table permissions

    • This tab displays the data object name, table type, business unit/project/data source, permission account, submission time, and application status.

    • You can search by data table name or business unit/project/data source. You can also filter application records by table type, account type, or application status.

    • You can perform the following operation on the filtered application records.

      Approval Process: View the approval process for the data table. For more information, see View your initiated tasks.