All Products
Search

This Product

    Data Management:Manage roles

    Document Center

    Data Management:Manage roles

    Last Updated:Oct 23, 2024

    Data Management (DMS) provides the custom role feature to help you manage the permissions of other DMS users on resources and features. You can create custom roles and grant permissions to the roles. This allows you to manage the resources and features of DMS by role in a fine-grained manner.

    Prerequisites

    You have the permissions to use the role management feature. If you do not have the required permissions, contact a DMS administrator to assign the DMS administrator role to your account. For more information, see the Modify a user section of the "Manage users" topic.

    Note

    By default, DMS administrators have the role management permissions.

    Usage notes

    This role management feature is in canary release.

    Relationships among roles, users, and policies

    image

    Procedure

    1. Create a custom role.

      Add an object to be authorized.

    2. Attach a policy to the custom role.

      Use the policy to limit the operations that can be performed by using the custom role. For example, you can use a policy to grant only the permissions to query and modify ApsaraDB for Redis instances.

    3. Assign the custom role to users.

      After the custom role is assigned to a DMS user, the DMS user is granted the permissions of the role. The DMS user is restricted by the policy attached to the role.

    Step 1: Create a custom role

    1. Log on to the DMS console V5.0.

    2. Mover the pointer over the 2023-01-28_15-57-17.png icon in the upper-left corner and choose All functions > O&M > Role Management.

      Note

      If you use the DMS console in normal mode, choose O&M > Role Management in the top navigation bar.

    3. On the Custom Role tab, click Add Custom Role.

    4. In the Add Custom Role dialog box, configure the Role name and Role Description parameters and click Confirm.

    Step 2: Attach a policy to the custom role

    1. On the Custom Role tab, find the custom role that you want to manage and click Details in the Actions column.

    2. On the Policy tab, click Add Permission Policy.

    3. In the Authorize dialog box, select System Policy or Custom Policy for the Select Permission parameter.

    4. Select the policy that you want to use and click OK.

    Note

    Alternatively, choose Security and Specifications (DBS) > Permission Center > Policy in the top navigation bar. On the page that appears, find the policy that you want to use and click Authorize in the Actions column to attach the policy to the custom role.

    Step 3: Assign the custom role to users

    After the custom role is assigned to a DMS user, the DMS user is granted the permissions of the role.

    1. On the Custom Role tab, find the custom role that you want to manage and click Details in the Actions column.

    2. Click the Associated User tab and then click Add User.

    3. In the Add User dialog box, select one or more users for the Member parameter.

    4. Click OK.

    Note

    Alternatively, choose O&M > Users in the top navigation bar. On the page that appears, edit the basic information of a user to assign the custom role to the user.

    View the policies attached to a custom role and users to whom a custom role is assigned

    1. On the Custom Role tab, find the custom role that you want to manage and click Details in the Actions column.

    2. On the Policy and Associated User tabs, view the policies attached to the custom role and users to whom the custom role is assigned.

    FAQ

    Q: What are the differences between custom roles and system roles?

    A: System roles are provided by DMS by default, and their policies cannot be adjusted. In contrast, the policies of custom roles can be adjusted. A user can be assigned multiple system roles and custom roles at the same time.