Hologres allows you to configure IP address whitelists in HoloWeb and control accesses to your databases. This ensures secure and stable operations in Hologres. This topic describes how to configure an IP address whitelist in the HoloWeb console.

Limits

When you configure an IP address whitelist in HoloWeb, take note of the following items:
  • Only Hologres V0.10.14 and later support the IP address whitelist feature. You can view the version of your Hologres instance on the instance details page in the Hologres console. You can also execute the select hg_version() statement to check the version of your Hologres instance. If the version of your Hologres instance is earlier than V0.10.14, submit a ticket or join the Hologres DingTalk group to apply for updating the instance.
  • If you do not configure an IP address whitelist after you purchase an instance, databases in the instance can be accessed by using all types of networks. For more information about how to purchase an instance, see Purchase a Hologres instance.
  • Only the superuser can configure IP address whitelists for instances.
  • To configure an IP address whitelist for an instance in HoloWeb, you must set the Logon Method parameter to Password-free Logon when you create a connection to the instance. For more information about how to create a connection to a Hologres instance, see HoloWeb quick start. Password-free Logon
  • If your Hologres instance is connected by using Flink but cannot be accessed, query the IP address and CIDR block of the Flink and add them to the whitelist of the databases. For more information about how to obtain the IP address and CIDR block of the Flink, see Reference.

Create an IP address whitelist

  1. Log on to the Hologres console. In the top navigation bar, select a region.
  2. In the left-side navigation pane, click Go to HoloWeb to go to the HoloWeb console.
  3. In the top navigation bar of the HoloWeb console, click Security Center. In the left-side navigation pane of the Security Center tab, click IP Address Whitelist.
  4. In the upper-right corner, click Add IP Address to Whitelist. In the dialog box that appears, configure the parameters described in the following table.
    IP address whitelist
    Parameter Description
    Group The group name for the IP address whitelist.

    If you set Logon Method to Password-free Logon when you create the current connection, you must add the resource groups for data integration in DataWorks.Otherwise, the features of DataWorks are unavailable. Select a group from the Group drop-down list.

    Accessible Databases The databases that can be accessed from the specified IP addresses. Select databases from the Accessible Databases drop-down list. To allow access to all databases in the current Hologres instance, select ALL.
    Users Allowed The users who can access the specified databases from the specified IP addresses. Select users from the Users Allowed drop-down list. To allow access from all users of the current Hologres instance, select ALL.
    IP Address The IP addresses from which the specified users can access the specified databases. Take note of the following items:
    • To specify all IP addresses, enter ALL.
    • You can specify individual IP addresses. For example, you can enter 192.168.0.1 to allow the specified users to access the specified databases from 192.168.0.1.
    • You can specify individual CIDR blocks. For example, you can enter 192.168.0.0/24 to allow the specified users to access the specified databases from IP addresses within the range of 192.168.0.1 to 192.168.0.255.
    • To specify multiple IP addresses, start a new line for each IP address.
  5. Click OK to complete the configuration. After you create an IP address whitelist, the specified users are allowed to perform operations on the specified databases from the specified IP addresses.

Edit an IP address whitelist

After an IP address whitelist is created, only the IP addresses in the whitelist can be modified. To modify the authorized users and databases, you must create another IP address whitelist.
Note Only superusers can edit IP address whitelists.
  1. In the top navigation bar of the HoloWeb console, click Security Center. In the left-side navigation pane of the Security Center tab, click IP Address Whitelist.
  2. On the IP Address Whitelist page, find the whitelist that you want to modify and click Edit in the Operation column.
  3. In the Edit IP Address in Whitelist dialog box, modify the IP addresses. For more information about how to specify IP addresses for a whitelist, see the "Create an IP address whitelist" section of this topic.
  4. Click OK to complete the configuration.

Delete an IP address whitelist

You can delete IP address whitelists that are no longer needed. After you delete all IP address whitelists for a connection, no whitelist is available for the relevant instance and databases.
Note Only superusers can delete IP address whitelists.
  1. In the top navigation bar of the HoloWeb console, click Security Center. In the left-side navigation pane of the Security Center tab, click IP Address Whitelist.
  2. On the IP Address Whitelist page, find the whitelist that you want to delete and click Delete in the Operation column.
  3. In the dialog box that appears, click OK.