Authorize a service account

Updated at:
Copy as MD

If you need assistance from Alibaba Cloud technical support that requires access to your Hologres instance, you must authorize the service account for the instance and set an expiration time. When the expiration time is reached, the service account's permissions are automatically revoked.

Limitations

  • This feature is supported only in Hologres V0.10 and later. Check your current instance version on the Hologres console. If your instance is running a version earlier than V0.10, see Common errors during upgrade preparation or join the Hologres DingTalk group. For more information, see How do I get more online support?.

  • Only a Superuser can enable or disable a service account.

  • You cannot enable or disable the service account for an instance connected via HoloWeb. For more information about connecting to an instance, see Connect to an instance.

Enable a service account

  1. Log on to the Hologres console.

  2. In the top-left corner, select the region where your instance is located.

  3. On the Instances page, click the ID of the target instance.

  4. In the left-side navigation pane of the Instance Details page, click Account Management.

  5. On the Users page, click the Service Account Authorization tab.

  6. On the Service Account Authorization tab, turn on the Permissions of Technical Support switch in the Permission Status column.

  7. In the Set Expiration Time of Permission dialog box, set the Expiration Time of Permission.

  8. Click OK.

    After the service account is enabled, the system creates a Superuser account named BASIC$holo_support. This account has permissions to view and modify configurations, table schemas, and indexes, as well as execute SQL queries and view data.

Disable a service account

  1. Log on to the Hologres console.

  2. In the top-left corner, select the region where your instance is located.

  3. On the Instances page, click the ID of the target instance.

  4. In the left-side navigation pane of the Instance Details page, click Account Management.

  5. On the Users page, click the Service Account Authorization tab.

  6. On the Service Account Authorization tab, turn off the Permissions of Technical Support switch in the Permission Status column.

View operation records

Run the following SQL statement to query the Query Log for the service account's operations.

SELECT
    *
FROM
    hologres.hg_query_log
WHERE
    usename = '"BASIC$holo_support"';

View authorization records

You can find authorization records for enabling and disabling the service account in ActionTrail. These records show which account enabled or disabled the service account, for which instance, and when. For more information, see Query events on the ActionTrail console.