All Products
Search

This Product

    Data Transmission Service:Authorize DTS to access Alibaba Cloud resources

    Document Center

    Data Transmission Service:Authorize DTS to access Alibaba Cloud resources

    Last Updated:Mar 28, 2026

    Before you can create data migration, data synchronization, or change tracking tasks, grant Data Transmission Service (DTS) access to your Alibaba Cloud resources. This is a one-time setup.

    If your account does not have RAM write permissions, ask the Alibaba Cloud account owner to complete the steps below.

    How authorization works

    Authorization assigns the default role AliyunDTSDefaultRole to DTS and attaches the AliyunDTSRolePolicy system policy to it. This allows DTS to access cloud resources in your account, including ApsaraDB for RDS, Elastic Compute Service (ECS), PolarDB, ApsaraDB for MongoDB, ApsaraDB for Redis, PolarDB-X, DataHub, and Elasticsearch.

    For the full list of permissions granted by AliyunDTSRolePolicy, see AliyunDTSRolePolicy.

    Without authorization, the DTS console displays the following error when you log in:

    • Error code: Abnormal.RamCheckUserRole

    • Error message: You have not authorized the default role "AliyunDTSDefaultRole" of DTS. If your account has the write permissions on Resource Access Management (RAM), you can authorize the role in the RAM console by using the account. Otherwise, you must authorize the role in the RAM console by using the Alibaba Cloud account, and then refresh this page.

    Prerequisites

    Before you begin, ensure that you have:

    • An Alibaba Cloud account with write permissions on Resource Access Management (RAM)

    Authorize DTS

    Choose the method that fits your situation. Method 1 is the fastest.

    Method 1 (recommended): Use RAM quick authorization

    1. Log on to the RAM Quick Authorization page using your Alibaba Cloud account.

    2. Click Authorize. If the page shows "EntityAlreadyExists.Role" and "EntityAlreadyExists.Role.Policy", DTS already has access to your cloud resources.

    3. Click Return to go back to the DTS console.

    screenshot_2025-03-21_13-37-47

    Method 2: Authorize from the DTS console error prompt

    1. Log on to the DTS console using your Alibaba Cloud account.

    2. In the Error Prompt message, click Authorize Role in RAM Console.

    3. On the RAM Quick Authorization page, click Authorize.

    4. Click Return to continue.

    image

    Method 3: Authorize manually in the RAM console

    1. Log on to the RAM console.

    2. Optional: In the left-side navigation pane, choose Identities > Roles.

    3. In the search box next to Create Role, enter AliyunDTSDefaultRole and click the search icon.

      If AliyunDTSDefaultRole is not found, use Method 1 instead.

    4. Click the role name in the search results.

    5. On the Permissions tab, click Precise Permission.

      image

    6. In the Precise Permission panel, select System Policy for the Type parameter.

      4-1

    7. In the Policy Name field, enter AliyunDTSRolePolicy and click OK.

    8. Click Close. To confirm the policy was added, click the image icon on the right side of the Permissions tab to refresh the page.

    Verify the authorization

    After completing authorization, confirm that both conditions are met in the RAM console:

    1. Log on to the RAM console and search for AliyunDTSDefaultRole.

    2. Click the role name to view its details.

    3. Check the following:

      • Trust Policy tab: dts.aliyuncs.com appears in the Service field. image

      • Permissions tab: AliyunDTSRolePolicy is listed. image

    If both conditions are met, the authorization is successful. Return to the DTS console and create a task.

    Fix a failed authorization

    If the verification shows that the AliyunDTSRolePolicy policy is missing or dts.aliyuncs.com is absent from the trust policy, the authorization is incomplete.

    To fix a failed authorization:

    1. Delete the AliyunDTSDefaultRole role. For instructions, see Delete a RAM role.

    2. Authorize again using Method 1.