Dataphin:Request, renew, and return table permissions

Prerequisites

You need to configure collection tasks for MySQL and Oracle databases in the Metadata Center to utilize data source table permissions.

Limits

Table permissions can only be requested for Oracle and MySQL type data source tables.

Approval process description

Modifications to the approval process settings after the generation of the data table permission request approval form, such as changing the permission request from open to closed, will not affect the execution of the request. If approved, the permissions will be granted.

Permission request description

• Requests for permissions to alter table structure, data, or delete table permissions are only supported at the table level. If any field matches a permission type that cannot be requested, that permission type will be unavailable for request.

• For table data query permissions, if some fields match unrequestable permission rules, table-level permissions cannot be requested. However, field-level permissions can be requested, and the system will automatically exclude unrequestable fields. For details on data permission approval rules, see Data Permission Approval Configuration.

• To request permissions for creating a table, you must be a member of the target project, and your role must include the project Asset Permission - Create permission point.

  • If production data safe mode is enabled, you must submit a publishing process to create tables in the production environment. Conversely, if production data safe mode is disabled, you can create tables in the development environment by joining the target project, provided you have the Asset Permission - Create permission point within your project role. For information on enabling production data safe mode, see Security Settings.

  • When cross-project safe mode is enabled, you can only create tables within the project where the task resides; creating tables across projects is prohibited. For information on enabling cross-project safe mode, see Security Settings.

• To request permissions for modifying table structure, such as deleting indexes or views, you can submit your request directly through the table permission request feature. For details, see Request Table Permissions.

• To request permissions for deleting a table, you must have the delete permission, which you can request via the table permission request feature. For more information, see Request Table Permissions.

• To alter table data, you can directly request the necessary permissions using the table permission request feature. For more information, see Request Table Permissions.

Request table permissions

1. On the Dataphin home page, in the top menu bar, select Management Center > Permission Management.

2. In the left-side navigation pane, select My Permissions > Table Permissions. On the Table Permission page, click the Request Table Permissions button in the upper right corner.

3. On the Request Table Permissions page, configure the parameters.

   Parameter	Description
   Account Type	Depending on the business scenario, you can grant table permissions to User Account, Project Account, and User Group simultaneously, or grant table permissions individually. User Account is used for modeling and development of data in the development environment and publishing the developed data to the production environment. If you select User Account, you need to select Valid Until. Project Account is used to manage and run tasks submitted to the production environment. If you select Project Account, you need to select Belonging Project. User Group is used to manage the permissions of members under the user group. If you select User Group, you need to select User Group and Valid Until.
   Table Name To Request	Select the data table for which you need to request permissions. You can perform a fuzzy search based on the data table name's keyword or click the icon to perform precise filtering based on Belonging Section/project/data Source and Table Type. Table Type: You can choose Physical Table, Meta Table, Mirror Table, View, Materialized View, Logical View, Logical Table, Datasource Table, Datasource View, Datasource Materialized View. Belonging Section/project/data Source: When the table type is Logical View or Logical Table, it is recommended to select the data section where the logical table is located. When the table type is Physical Table, Meta Table, Mirror Table, or View, it is recommended to select the project where the physical table is located. When the table type is Datasource Table, Datasource View, or Datasource Materialized View, it is recommended to select the data source where the data source table is located. Note You can select up to 100 data tables for batch permission requests. Filter options are not mandatory. If no filter options are selected, you can mix and match different types of data tables. If filter options are selected, you can precisely filter data tables.
   Select Fields	By default, the entire table is selected. You can modify this. When selecting multiple tables, Select All is selected by default. You can modify this. After selecting the table, you need to configure permissions: Permission Granularity: Table-Level Permission: Displays the highest confidentiality level of the table (asset security feature needs to be enabled). Grants permissions for the entire table, including all fields within the table. Subsequent field changes in the table are automatically authorized. Table-level authorization is more efficient. It is recommended to use this when there is no sensitive data. Field-level Permission: Grants permissions based on the current fields. Subsequent new fields need to be requested/authorized separately. It is recommended to use this when there is sensitive data in the table and field permissions need to be controlled. Select By Confidentiality Level: When selected, the system will update the selected fields below according to the highest confidentiality level (fields without data classification represented by - will also be selected). Permission Type: The requested permissions vary depending on the table type. Detailed descriptions are as follows: For table types Logical View, View, and Logical Table: The default selection is Select, and modifications are not supported. For table type Physical Table: The default selection is Select. You can also choose Write, Delete, and Alter. For table types Meta Table and Mirror Table: The default selection is Select. You can also choose Write. For table types Datasource Table, Datasource View, and Datasource Materialized View: The default selection is Select, and modifications are not supported. The field list displays information such as Serial Number, Field Name, Field Description, Data Type, Data Class, and Data Sensitivity Level. When the requested data table and account are subject to row-level permissions control, you can click Row-Level Permission Effective to view row-level permission information.
   Reason For Request	Fill in the reason for requesting table permissions to facilitate the approver's review. The number of characters should be no less than 5 and no more than 500.

4. Click Submit to complete the table permission request.

Data table permission details

On the data table permission page, click the In Effect, Expired, and Application Record tabs to view details of data table permissions in different statuses.