Metadata access control restricts database visibility at the user, database, or instance level — users without permissions cannot see or search for those objects in DMS.
Prerequisites
Before you begin, make sure that:
The target database instance is in Security Collaboration mode. For details, see Control modes
How it works
When metadata access control is enabled for an object, DMS filters what each user can see based on their permissions. For example, if a user has permissions on only two databases in an instance, their search results and left-side navigation pane show only those two databases — other databases in the same instance are invisible to them.
A user is considered to have permissions on a database if they hold any of the following permissions on it: query, export, or change. With those permissions, the user can also see the database instance that the database belongs to. To see other databases in the same instance, the user must have permissions on each of those databases separately.
Note that having export or change permissions only grants visibility of the database — to query data in the database, the user must specifically hold query permissions.
Choose what to enable access control on
Enable metadata access control on the object that matches your goal:
| Object | What users see after enabling | Where to configure |
|---|---|---|
| User | Only databases and instances they have permissions on | O&M > Users |
| Database | Only visible to users with permissions on that database | Data Assets > Instances > Database List |
| Database instance | Only visible to users with permissions on that instance; databases inside it follow the same restriction | Data Assets > Instances > Instance List |
Metadata access control for database instances is available only for instances in Security Collaboration mode.
Enable access control for a user
After you enable metadata access control for a user, that user can see only the databases on which they have permissions. They cannot view or apply for permissions on any database instance or database they lack permissions on. To check which databases a user has permissions on, go to Security and specifications > Permission center > Permissions. For details, see View owned permissions.
Log on to the DMS console V5.0.
In the top navigation bar, choose O&M > Users.
Find the user, then in the Actions column, click More > Access control.
NoteTo enable access control for multiple users at once, select the users and click Access control at the top of the page.
In the User access control dialog box, turn on Metadata access control and click OK.
Enable metadata access control for a database
Log on to the DMS console V5.0.
In the top navigation bar, click Data Assets. In the left-side navigation pane, click Instances.
On the Instances page, click the Database List tab.
Find the database, hover over More in the Actions column, and select Access control.
NoteTo enable metadata access control for multiple databases at once, select the databases, hover over Batch operation at the top of the tab, and select Access control.
In the Metadata access control dialog box, turn on Metadata access control and click OK.
Enable metadata access control for a database instance
Log on to the DMS console V5.0.
In the top navigation bar, click Data Assets. In the left-side navigation pane, click Instances.
On the Instances page, click the Instance List tab.
Find the instance, hover over More in the Actions column, and select Access control.
NoteMetadata access control for instances is available only for instances in Security Collaboration mode. You can also enable metadata access control for multiple instances at a time.
In the Metadata access control dialog box, turn on Metadata access control and click OK.