This topic shows you how to use your Alibaba Cloud account to authorize a RAM user
to connect to and use Hologres.
Grant Hologres permissions to a RAM user
After you grant relevant Hologres permissions to a RAM user in the Resource Access
Management (RAM) console by using your Alibaba Cloud account, you can log on to the
Hologres console and view, purchase, or delete instances as the RAM user. You can
log on to the RAM console, find a RAM user, and then attach policies to the RAM user.
If you need to grant the RAM user all permissions to view instance information in
the Hologres console, attach the AliyunHologresFullAccess and AliyunRAMReadOnlyAccess policies.
- Log on to the RAM console by using your Alibaba Cloud account.
- Select the RAM user to which you want to grant permissions.
- In the left-side navigation pane, click Users under Identities.
- On the Users page, find the RAM user to which you want to grant permissions and click Add Permissions in the Actions column.
- Grant permissions to the RAM user.
- In the Add Permissions panel, set the parameters as required.

Parameter |
Description |
Authorization |
Valid values:
- Alibaba Cloud account all resources
- Specified Resource Group
|
Principal |
The RAM user to which you want to grant permissions. |
Select Policy |
Valid values:
- System Policy
- Custom Policy
Note
- You can create custom policies based on your business needs.
- You can attach a maximum of five policies at a time. To attach more policies, perform
the operation multiple times.
|
You can select
System Policy or
Custom Policy based on the following descriptions:
- Click OK.
Grant the development permissions on a Hologres instance to a RAM user
Before you can perform data analytics operations on a Hologres instance as a RAM user,
you must use your Alibaba Cloud account to grant the development permissions on the
Hologres instance to the RAM user. You can log on to the Hologres console, go to the
HoloWeb console, add a user on the User Management page, and then grant permissions
to the user. This section describes how to use the simple permission model (SPM) to
grant the development permissions on a Hologres instance to a RAM user.
Note You can execute SQL statements to grant permissions to a RAM user by using different
permission models. For more information, see the following topics:
- Log on to the Alibaba Cloud international site (alibabacloud.com) by using your Alibaba Cloud account.
- Go to the Hologres console. Click the name of the instance that you want to manage. The instance details page
appears.
- In the left-side pane of the instance details page, click Users.
- On the User Management page, click Add New User.
- In the Add New User dialog box, set the parameters that are described in the following table.

Parameter |
Description |
Select Organization Members |
The RAM user that you want to add to the instance. |
Select Member Role |
The role to be assigned to the RAM user. Valid values:
|
- Optional:If the RAM user is assigned the regular user role, perform the following steps to
grant the required permissions to the RAM user:
- In the left-side pane of the instance details page, click Databases.
- On the Database Authorization page, find the database that you want to manage and click Authorize User in the Operation column.

Note If no database is created in the Hologres instance, click Create Database in the upper-right corner to create a database.
- On the permission management page of the database, click Grant Permissions.
- In the Grant Permissions dialog box, set the parameters that are described in the following table.

Parameter |
Description |
User Account |
The RAM user to which you want to grant permissions. |
User Group |
- Admin: Users in this group are the owners of the current database and are authorized
to manage the database and users in the four user groups.
- Developer: Users in this group are authorized to read and write data in the current
database, and create, delete, or modify objects in the database by executing DDL statements.
- Writer: Users in this group are authorized to read and write data in the current database.
- Viewer: Users in this group are authorized to read data in the current database.
|
- Click OK.
- Click OK.
What to do next
After you grant the RAM user the required permissions, you can connect to the instance
that you want to manage and perform data analytics operations on the instance as the
RAM user. You can use HoloWeb to perform data analytics operations in the Hologres
console. For more information, see HoloWeb quick start.