All Products
Search

This Product

    Hologres:Use DataWorks as a RAM user

    Document Center

    Hologres:Use DataWorks as a RAM user

    Last Updated:Dec 17, 2025

    This topic describes how an Alibaba Cloud account can create a Resource Access Management (RAM) user and grant the RAM user permissions to use DataWorks for data development.

    Background information

    By default, the Alibaba Cloud account that purchases an instance is the super administrator. The super administrator has all permissions on the instance.

    To access the instance, other users must be granted permissions by the Alibaba Cloud account.

    A RAM user is subject to the following two types of access control.

    • RAM permissions

      RAM permissions are optional. After a RAM user is granted RAM permissions, the RAM user can manage instances in the Hologres console. For example, the RAM user can purchase, delete, upgrade or downgrade, view instances, and modify network types.

    • Instance development permissions

      Instance development permissions are required. An Alibaba Cloud account must grant a RAM user development permissions on an instance. Then, the RAM user can connect to the instance and perform data development.

    Hologres supports the simple permission model and the standard PostgreSQL authorization model to grant permissions to RAM users. The following list describes the two permission models.

    • Simple permission model (Recommended)

      The simple permission model is a coarse-grained permission model based on the PostgreSQL authorization system. Hologres created this model to improve the user experience. For more information, see Simple permission model (SPM).

    • Standard PostgreSQL authorization model

      The standard PostgreSQL authorization model is an authorization system that uses the same authorization statements as standard PostgreSQL. You can grant permissions to RAM users using standard PostgreSQL authorization statements. For more information, see Standard PostgreSQL authorization model.

    Create a RAM user

    If you already have a RAM user, you can skip this step.

    1. Log on to the Alibaba Cloud official website using your Alibaba Cloud account.

    2. Log on to the RAM console using your Alibaba Cloud account.

    3. In the navigation pane on the left, choose Identity Management > Users.

    4. Click Create User.

      You can also click Add User to create multiple RAM users at the same time.

    5. In the User Account Information section, enter a Logon Name and a Display Name.

    6. In the Access Mode section, select Console Access.

    7. Set the logon password for the RAM user.

    8. Click OK.

    Grant permissions to the RAM user

    Add a RAM user to a DataWorks workspace

    You must add the RAM user to the relevant DataWorks workspace before the RAM user can use DataWorks for data development. Perform the following steps:

    1. Go to the workspace configuration page.

      1. Log on to the DataWorks console. After you switch to the destination region, click Workspace.

      2. Find the target workspace and click Manage in the Actions column to go to the workspace management page.

    2. On the Workspace Members tab, click Add Members in the upper-right corner.

    3. In the Add Members dialog box, click Refresh to sync all RAM users of the current Alibaba Cloud account to the Accounts to Be Added list.刷新

    4. In the Accounts to Be Added list, select the member accounts that you want to add, click >, and move the accounts to the Added Accounts list.

    5. Select the roles that you want to grant and click Confirm.

      The creator of the workspace is assigned the administrator role by default. For more information about the permissions of each role, see Appendix: List of preset workspace-level roles.

    6. Log on to the DataWorks console as the RAM user. On the Data Development and O&M page, click Data Studio.

    7. You can now perform data development as needed.

    Remove a RAM user from a DataWorks workspace

    1. Go to the workspace configuration page.

      1. Log on to the DataWorks console.

      2. In the navigation pane on the left, click Workspace.

      3. Find the target workspace and click Manage in the Actions column to go to the workspace management page.

    2. On the Workspace Members tab, find the target member, click Remove in the Actions column, and then follow the on-screen instructions to complete the operation.

      Note

      After a RAM user is removed from a workspace, the RAM user still has development permissions on the Hologres instance.