All Products
Search

This Product

    Data Management:Manage instance permissions

    Document Center

    Data Management:Manage instance permissions

    Last Updated:Mar 30, 2026

    As a Data Management (DMS) administrator or database administrator (DBA), you can grant or revoke instance-level permissions for users. These permissions control what users can do with a database instance in DMS — including logging on, querying data, exporting data, and making changes.

    Prerequisites

    Before you begin, make sure you have:

    • The DMS administrator or DBA role. For details, see View system roles.

    • (Required for fine-grained permission management) Security hosting enabled on the instance, if you want to manage query, export, change, or performance view permissions at a granular level. For details, see Enable security hosting.

    Instances managed in Security Collaboration mode have security hosting enabled by default.

    Grant permissions to a user

    1. Log on to the DMS console V5.0.

    2. In the top navigation bar, choose Database Assets > Instances.

      In simple mode, move the pointer over the 2022-10-21_15-25-22.png icon in the upper-left corner and choose All functions > Data Assets > Instances.

    3. On the Instance List tab, search for the instance in the search box. You can search by instance name, endpoint, or database type.

    4. Find the instance and choose More > Manage Permissions in the Actions column.

    5. In the Manage Permissions dialog box, click Authorized Permissions on Instances.

    6. In the Authorize User dialog box, select one or more users from the Add User drop-down list, then configure the following parameters:

      Parameter Description
      Permission The permission types to grant
      Expire Date The date when the permissions expire. The default is one month.

    7. Click OK.

    Revoke permissions from a user

    1. Log on to the DMS console V5.0.

    2. In the top navigation bar, choose Database Assets > Instances.

      In simple mode, move the pointer over the 2022-10-21_15-25-22.png icon in the upper-left corner and choose All functions > Data Assets > Instances.

    3. On the Instance List tab, search for the instance in the search box.

    4. Find the instance and choose More > Manage Permissions in the Actions column.

    5. In the Manage Permissions dialog box, find the user and click Recycle Permission in the Actions column.

      To revoke permissions from multiple users at once, select the users and click Recycle Permission in the lower-left corner of the dialog box.

    6. In the Permission Operation dialog box, configure the Permission parameter to specify which permissions to revoke.

    7. Click OK.

    Related operations

    DMS provides a metadata access control feature that controls whether users without instance permissions can see the instance in the console. When enabled on a database instance, users who have no permissions on that instance cannot view it. This feature covers both database instances and databases. For details, see Metadata access control.

    FAQ

    After a user has instance logon permissions, do they need additional permissions to query, export, or change data?

    No additional instance-level permissions are required. If the underlying database account already has the necessary privileges, the user can query, export, and change data directly.

    How do I grant a Resource Access Management (RAM) user read-only access to all databases in a specific instance?

    First, add the RAM user to DMS on the Users page. Then grant the RAM user query permissions on the target instance. For step-by-step instructions, see the Grant permissions to users section in "Manage users."