If you need the Alibaba Cloud helpdesk to perform operations on your Hologres instance, you can grant permissions to the instance's service account and set a time-to-live (TTL). This allows the helpdesk to provide technical support. After the TTL expires, the service account's permissions are automatically revoked. This topic describes how to enable or disable a service account and view its operation and authorization records.
Limits
This feature is supported only in Hologres V0.10 and later. You can check your current instance version in the Hologres console. If your instance version is earlier than V0.10, see Common errors during upgrade preparation or join the Hologres DingTalk group to provide feedback. For more information, see How do I get more online support?.
Only a Superuser can enable or disable a service account.
You cannot enable or disable the service account for instances that are connected using a new connection in HoloWeb. For more information about connecting to an instance, see Connect to an instance.
Enable a service account
Log on to the Hologres console.
In the upper-left corner of the page, select the region where the instance resides.
On the Instances page, click the ID of the instance.
In the navigation pane on the left of the Instance Details page, click Account Management.
On the Users page, click the Service Account Authorization tab.
On the Service Account Authorization tab, turn on the switch for Permissions of Technical Support in the Permission Status column.
In the Set Expiration Time of Permission dialog box, set the Expiration Time of Permission.
Click OK.
After the service account is enabled, the system creates a Superuser account named
BASIC$holo_support. This account can view and modify configurations, table schemas, and indexes. It can also execute SQL statements and view data.
Disable a service account
Log on to the Hologres console.
In the upper-left corner of the page, select the region where the instance resides.
On the Instances page, click the ID of the instance.
In the navigation pane on the left of the Instance Details page, click Account Management.
On the Users page, click the Service Account Authorization tab.
On the Service Account Authorization tab, turn off the switch for Permissions of Technical Support in the Permission Status column.
View the operation records of a service account
You can use the following SQL statement to query the operations performed by the service account from the `hologres.hg_query_log` table.
SELECT
*
FROM
hologres.hg_query_log
WHERE
usename = '"BASIC$holo_support"';View the authorization records of a service account
You can query the operation records for enabling and disabling the service account in ActionTrail. For more information, see Query events in the ActionTrail console. ActionTrail records the account that enabled or disabled the service account for an instance and the time of the operation.