This topic describes how to use your Alibaba Cloud account to authorize a RAM user to connect to and use Hologres.
Prerequisites
A RAM user is created. For more information, see Create a RAM user.
An AccessKey pair is created for the RAM user. For more information, see Create an AccessKey pair.
Grant Hologres permissions to a RAM user
After you grant relevant Hologres permissions to a RAM user in the Resource Access Management (RAM) console by using your Alibaba Cloud account, you can log on to the Hologres console and view, purchase, or delete instances as the RAM user. To grant permissions to a RAM user, you can log on to the RAM console, find the RAM user, and then attach policies to the RAM user. If you need to grant the RAM user all permissions to view instance information in the Hologres console, you can attach the AliyunHologresFullAccess and AliyunRAMReadOnlyAccess policies to the RAM user.
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose .
On the Users page, find the required RAM user, and click Add Permissions in the Actions column.
You can also select multiple RAM users and click Add Permissions in the lower part of the page to grant permissions to the RAM users at a time.
In the Grant Permission panel, grant permissions to the RAM user.
Configure the Resource Scope parameter.
Account: The authorization takes effect on the current Alibaba Cloud account.
ResourceGroup: The authorization takes effect on a specific resource group.
ImportantIf you select Resource Group for the Resource Scope parameter, make sure that the required cloud service supports resource groups. For more information, see Services that work with Resource Group. For more information about how to grant permissions on a resource group, see Use a resource group to grant a RAM user the permissions to manage a specific ECS instance.
Configure the Principal parameter.
The principal is the RAM user to which you want to grant permissions. The current RAM user is automatically selected.
Configure the Policy parameter.
A policy contains a set of permissions. Policies can be classified into system policies and custom policies. You can select multiple policies at a time.
System policies: policies that are created by Alibaba Cloud. You can use but cannot modify these policies. Version updates of the policies are maintained by Alibaba Cloud. For more information, see Services that work with RAM.
NoteThe system automatically identifies high-risk system policies, such as AdministratorAccess and AliyunRAMFullAccess. We recommend that you do not grant unnecessary permissions by attaching high-risk policies.
Custom policies: You can manage and update custom policies based on your business requirements. You can create, update, and delete custom policies. For more information, see Create a custom policy.
Click Grant permissions.
Click Close.
Grant the development permissions on a Hologres instance to a RAM user
Before you can perform data analytics operations on a Hologres instance as a RAM user, you must use your Alibaba Cloud account to grant the development permissions on the Hologres instance to the RAM user. You can log on to the Hologres console, go to the HoloWeb console, add a user on the User Management page, and then grant permissions to the user. This section describes how to use the simple permission model (SPM) to grant the development permissions on a Hologres instance to a RAM user.
You can execute SQL statements to grant permissions to a RAM user by using different permission models. For more information, see the following topics:
Log on to the Alibaba Cloud official website.
Go to the Hologres console. Click the name of the instance that you want to manage. The instance details page appears.
In the left-side navigation pane of the instance details page, click Account Management.
On the User Management page, click Add User.
In the Add User dialog box, configure the parameters that are described in the following table.
Parameter
Description
Select RAM Users to Add
The RAM user that you want to add to the instance.
Select Member Role
The role to be assigned to the RAM user. Valid values: Examples of the Super Administrator (SuperUser): A superuser has all permissions on the instance.
Regular User: By default, a regular user has no permissions on the instance.
A regular user can log on to a Hologres instance and perform allowed data analytics operations only after the regular user is granted the required development permissions.
Optional. If the RAM user is assigned the regular user role, perform the following steps to grant the required permissions to the RAM user:
In the left-side pane of the instance details page, click Database Management.
On the Database Authorization page, find the database that you want to manage and click Authorize User in the Actions column.
NoteIf no database is created in the Hologres instance, click Create Database in the upper-right corner to create a database.
In the upper-right corner of the permission management page, click Grant Permissions.
In the Grant Permissions dialog box, configure the parameters that are described in the following table.
Parameter
Description
User
The RAM user to which you want to grant permissions.
User Group
Admin: Users in this group are the owners of the current database and are authorized to manage the database and users in the four user groups.
Developer: Users in this group are authorized to read and write data in the current database, and create, delete, or modify objects in the database by executing DDL statements.
Writer: Users in this group are authorized to read and write data in the current database.
Viewer: Users in this group are authorized to read data in the current database.
Click OK.
What to do next
After you grant the RAM user the required permissions, you can connect to the Hologres instance that you want to manage and perform data analytics operations on the instance as the RAM user. You can use HoloWeb to perform data analytics operations in the Hologres console. For more information, see Connect to HoloWeb and perform queries.