Access control in Data Management (DMS) is used to manage user permissions for viewing and accessing databases and instances in DMS. This feature helps you ensure data security within your organization.

Background information

As a centralized data management service, DMS provides different roles that are granted different permissions. This helps you manage data in your organization in a secure manner. Metadata access control is a new feature of DMS. This feature further ensures data security in your organization. After this feature is enabled, you can ensure that a user can access only those databases on which the user has one or more permissions, and that a database is accessible only to authorized users.
Note: In DMS, database permissions include Query, Export, and Change. If you have one of these permissions on a database, you are authorized to access the following information in DMS:
  • Information about the database. You can search for the database in the search box in the upper part of the left-side navigation pane or in the top navigation bar of the DMS console. Alternatively, you can search for the database in the "Select the databases, tables, or columns on which you want to apply for permissions" field on the Ticket Application page. You can query the data in the database only when you have the Query permission on the database.
  • Information about the instance to which the database belongs. To view information about other databases in this instance, you must have permissions on those databases.

Types of metadata access control

You can manage metadata access control on the following objects:
  • Users: Users can view and access only databases on which they have permissions.
  • Databases: Databases can be accessed only by users that have permissions on them.
  • Instances: An instance and all databases that belong to it can be accessed only by users that have permissions on the instance.

Before and after access control is enabled

Whether access control is enabled | Description
Disabled | Regular users can view and access all databases and instances.
Enabled | Regular users can view and access only the databases and instances on which they have one or more permissions.

Procedure

This example shows the differences in the permissions of a regular user before and after access control is enabled.
Note: The poc_dev and poc_prod instances in the following steps are for testing purposes only.

When access control is disabled

  1. Log on to the DMS console V5.0 as a regular user.
  2. In the upper part of the left-side navigation pane on the Home tab, enter poc to search for instances whose names contain "poc".
    The poc_dev instance on which you have permissions and the poc_prod instance on which you have no permissions appear.

Enable access control

  1. Log on to the DMS console V5.0 as a DMS administrator.
  2. In the top navigation bar, choose O&M. In the left-side navigation pane, click Users.
  3. On the Users page, find the user you want to manage. In the Actions column, select More > Access Control.
  4. In the User Access Control dialog box, turn on Metadata Access Control.
  5. Click OK.

When access control is enabled

  1. Log on to the DMS console V5.0 as a regular user.
  2. In the upper part of the left-side navigation pane on the Home tab, enter poc to search for instances whose names contain "poc".
    Only the poc_dev instance on which you have permissions appears. The poc_prod instance on which you have no permissions is not displayed.