All Products
Search

This Product

    Data Management:Manage permissions on instances

    Document Center

    Data Management:Manage permissions on instances

    Last Updated:Mar 08, 2024

    This topic describes how to grant or revoke permissions on instances as a Data Management (DMS) administrator or a database administrator (DBA). For example, you can grant or revoke the logon, query, or change permissions on instances.

    Prerequisites

    • You are a DMS administrator or a DBA. For more information, see View system roles.

    • Security hosting is enabled for your database instance if you want to manage the performance view, query, export, or change permissions on the instance in a fine-grained manner. For more information, see the Enable security hosting section of the "Security hosting" topic.

      Note

      If your database instance is managed in Security Collaboration mode, security hosting is enabled by default.

    Procedure

    1. Log on to the DMS console V5.0.

    2. In the top navigation bar, choose Database Assets > Instances.

      Note

      If you use the DMS console in simple mode, move the pointer over the 2022-10-21_15-25-22.png icon in the upper-left corner of the DMS console and choose All functions > Data Assets > Instances.

    3. On the Instance List tab of the Instances page, search for the instance that you want to manage in the search box.

      Note

      You can search for an instance by instance name, instance endpoint, or database type.

    4. Find the instance that you want to manage and choose More > Manage Permissions in the Actions column.

    5. In the Manage Permissions dialog box, you can perform the following operations:

      • Grant permissions to a user

        1. Click Authorized Permissions on Instances.

        2. In the Authorize User dialog box, select one or more users from the Add User drop-down list and configure the Permission and Expire Date parameters. The default value of the Expire Date parameter is one month.

        3. Click OK.

      • Revoke permissions from a user

        1. Find the user from which you want to revoke permissions and click Recycle Permission in the Actions column.

          Note

          To revoke permissions from multiple users, select the users from which you want to revoke permissions and click Recycle Permission in the lower-left corner of the dialog box.

        2. In the Permission Operation dialog box, configure the Permission parameter.

        3. Click OK.

    Related operations

    DMS provides the metadata access control feature. You can use this feature to manage the access permissions on database instances and databases. If the metadata access control feature is enabled for a database instance, users who have no permissions on the database instance cannot view the database instance. For more information, see Metadata access control.

    FAQ

    • Q: What permissions are required to query, export, and change the database data of a database instance in DMS after I have the instance logon permissions?

      A: You do not need to obtain other permissions on the database instance. If you have the instance logon permissions and the database account has the required permissions, you can query, export, and change data in the database.

    • Q: How do I grant a Resource Access Management (RAM) user the read-only permissions on all databases in a specific database instance in DMS?

      A: You must add the RAM user to DMS on the Users page. Then, you can grant the RAM user the query permissions on the specified database instance. For more information, see the Grant permissions to users section of the "Manage users" topic.