You can access a database instance in the Data Management (DMS) console. If you enable the secure access proxy feature for the instance, you can also use the proxy endpoints that are generated by the feature for the instance to access the instance. This topic describes how to authorize users to access a database instance by using proxy endpoints.

Prerequisites

Procedure

  1. Log on to the DMS console V5.0.
    Note To switch to the previous version of the DMS console, click the 5租户头像 icon in the lower-right corner of the page. For more information, see Switch to the previous version of the DMS console.
  2. On the Created tab, find the database instance that you want to manage and click Details in the Operation column. The Secure Access Proxy/Details page appears.
  3. Click Authorize.
  4. In the Secure Access Proxy - Authorize dialog box, set the parameters that are described in the following table and click OK.
    Parameter Description
    Authorize User Select the user to be authorized. You can select only one user.
    Use Custom Database Account Specifies whether to use a custom database account to access the database instance. By default, the database account that is used to enable the secure proxy feature is used to access the database instance. If the user to be authorized specifies a custom database account, this account is used to access the database instance.
    • If you select No, the database account that is used to enable the secure access proxy feature is used to access the database instance.
    • If you select Yes, enter the custom database account and password that are used to access the database instance.
    Security Policy
    • System Security Policy: If you select this option, DMS does not automatically update the AccessKey pair for the user to be authorized.
    • Regularly Update AccessKey Pair: If you select this option and specify the Update Interval parameter, DMS automatically updates the AccessKey pair for the user to be authorized at the specified interval. After the AccessKey pair is updated, the programs of the user cannot use the previous AccessKey pair to access the database instance.
    • Authentication Expires at Specific Time: If you select this option and specify the Expire At parameter, the AccessKey pair that is generated by the secure access proxy feature expires at the specified time.
    After the authorization is successful, the authorized user obtains an AccessKey pair that consists of an AccessKey ID and an AccessKey secret.
    • AccessID: the AccessKey ID that is used to identify the user.
    • AccessSecret: the AccessKey secret that is used to verify the identity of the user. The AccessKey secret must be kept confidential.
    Note
    • When the user accesses the database instance, the user must use the AccessKey pair to complete identity authentication.
    • You can also approve a ticket submitted by the user who applies for permissions to access a database instance by using proxy endpoints. For more information about how to approve a ticket, see Approve tickets.

Supported operations

On the Secure Access Proxy/Details page, you can perform the following operations:
  • View the AccessKey secret of an authorized user: Click View.
  • Update the AccessKey secret of an authorized user: Click Update to generate a new AccessKey secret. Then, the programs of the authorized user cannot access the database instance by using the previous AccessKey secret.
  • Revoke permissions from an authorized user: If the authorized user no longer needs to access the database instance, click Recycling or Release. Then, the user can no longer connect to the proxy endpoints of the database instance.
Note If you are a regular user who is specified as the owner of secure access proxy for the database instance, you cannot update the AccessKey secrets of other authorized users or revoke permissions from these users.

Related API operations

API operation Description
CreateProxyAccess Authorizes a user to access a database instance by using the proxy endpoints generated by the secure access proxy feature.
ListProxyAccesses Queries users who are authorized to access a database instance by using the proxy endpoints generated by the secure access proxy feature.
InspectProxyAccessSecret Queries the AccessKey secret that an authorized user uses to connect to the proxy endpoints generated by the secure access proxy feature for a database instance.
DeleteProxyAccess Revokes permissions from an authorized user who no longer needs to access a database instance by using the proxy endpoints generated by the secure access proxy feature.