All Products
Search

This Product

    Hologres:Enable/Disable Hologres support access

    Document Center

    Hologres:Enable/Disable Hologres support access

    Last Updated:Mar 26, 2026

    Grant the Alibaba Cloud helpdesk temporary access to your Hologres instance by enabling a service account and setting a time-to-live (TTL). When the TTL expires, permissions are automatically revoked. This topic describes how to enable or disable the service account and how to audit its activity.

    Prerequisites

    Before you begin, make sure that:

    • Version: Your instance runs Hologres V0.10 or later. Check the version in the Hologres console. If the version is earlier, see Common errors during upgrade preparation or contact the Hologres DingTalk group. For more information, see How do I get more online support?

    • Role: You have the Superuser role on the instance. Only Superusers can enable or disable a service account.

    • Connection type: The instance is not connected using a new connection in HoloWeb. Service account management is unavailable for instances connected this way. For details, see Connect to an instance.

    Enable a service account

    1. Log on to the Hologres console.

    2. In the upper-left corner, select the region where the instance resides.

    3. On the Instances page, click the instance ID.

    4. In the left navigation pane of the Instance Details page, click Account Management.

    5. On the Users page, click the Service Account Authorization tab.

    6. Turn on the switch for Permissions of Technical Support in the Permission Status column.

    7. In the Set Expiration Time of Permission dialog box, set the Expiration Time of Permission.

    8. Click OK.

    After the service account is enabled, the system creates a Superuser account named BASIC$holo_support. This account can view and modify configurations, table schemas, and indexes, execute SQL statements, and view data.

    image

    Disable a service account

    1. Log on to the Hologres console.

    2. In the upper-left corner, select the region where the instance resides.

    3. On the Instances page, click the instance ID.

    4. In the left navigation pane of the Instance Details page, click Account Management.

    5. On the Users page, click the Service Account Authorization tab.

    6. Turn off the switch for Permissions of Technical Support in the Permission Status column.

    image

    View operation records

    Use operation records to audit every SQL statement and data access performed by the support account during its active session.

    Run the following SQL statement to query hologres.hg_query_log for all operations performed by the service account. The usename value must include the double quotes as part of the account name format.

    SELECT
    *
FROM
    hologres.hg_query_log
WHERE
    usename = '"BASIC$holo_support"';
    The usename value '"BASIC$holo_support"' uses outer single quotes (SQL string literal) wrapping inner double quotes (part of the account name). Copy the value exactly as shown.

    View authorization records

    Use authorization records to track who enabled or disabled the service account and when. Authorization events are not stored in hologres.hg_query_log — they are captured in ActionTrail, which records the account that performed the action and the timestamp.

    To query authorization events, see Query events in the ActionTrail console.