All Products
Document Center

Data Management:System roles

Last Updated:Feb 23, 2024

Data Management (DMS) provides various system roles. You can assign appropriate system roles to DMS users based on the role permissions.




Regular user

  • Regular users can perform operations on databases. For example, they can query and change data, or view and change schemas.

  • Regular users can be the research and development (R&D) staff, testers, product staff, operations staff, or data analysts of enterprises.

  • By default, a Resource Access Management (RAM) user that is added to the DMS tenant to which the Alibaba Cloud account belongs assumes the regular user role.

  • Regular users cannot use the features in the Instances, Users, Task, Configuration Management, Notification, Database Grouping, and Intelligent Operation modules in the DMS console.

  • To execute SQL statements on the SQLConsole tab or use the features of the Database Development module, regular users must apply for the required permissions.

Security administrator

  • Security administrators can perform operations such as determining the sensitivity levels of fields and auditing user operations.

  • Security administrators can be the internal auditors or security administrators of enterprises.

In addition to all the features that are available for regular users, security administrators can also use the features in the Operation Audit and Sensitive Data modules.

Database administrator (DBA)

  • DBAs are responsible for database management, including managing database instances, database development standards and processes, and task executions.

  • DBAs in DMS can be the DBAs or O&M staff of enterprises.

In addition to all the features that are available for regular users, DBAs can also use all the system management features except for the feature in the Users module.

DMS administrator

  • The DMS administrator role is automatically assigned to the Alibaba Cloud account that is used to create a DMS tenant. The DMS administrator role cannot be revoked.

  • You can specify a RAM user or another Alibaba Cloud account that is added to the current DMS tenant as a DMS administrator. No limit is set on the number of DMS administrators within a DMS tenant.

  • DMS administrators are approvers for the Admin approval step of an approval process.

DMS administrators can use all the features in DMS.


Only DMS administrators can use the features in the Users module.

Schema read-only

The schema read-only role is applicable to the staff such as data analysts in enterprises. In DMS, a user who assumes the schema read-only role has permissions to query the metadata of instances, databases, and tables. For example, the user can view the details of a table or export an entire database.

Users who assume the schema read-only role can query the metadata of all instances, databases, and tables, without the need to obtain the query, change, or export permissions on the instances, databases, and tables.


For more information about how to assign system roles to DMS users, see Manage users.