All Products
Search

This Product

    Hologres:Use DataWorks with a RAM user

    Document Center

    Hologres:Use DataWorks with a RAM user

    Last Updated:Mar 26, 2026

    By default, only the root account that purchases a Hologres instance has access to it. To let team members perform data development tasks through DataWorks, you must create RAM users, grant them the required permissions, and add them to the target DataWorks workspace.

    Permission model overview

    RAM users require two types of permissions, which are managed independently:

    Permission type Required? What it controls Where to grant it
    RAM permissions Optional Instance management in the Hologres console — purchasing, deleting, upgrading, downgrading instances, changing network type, and viewing instance details RAM console
    Instance development permissions Required Connecting to a Hologres instance and performing data development tasks Hologres console or SQL
    Important

    DataWorks workspace membership and Hologres instance development permissions are two independent systems. Removing a user from a DataWorks workspace does not revoke their Hologres instance development permissions. Manage each separately.

    Hologres supports two permission models for granting instance development permissions:

    • Simple permission model (SPM) — recommended. A coarse-grained model built on top of the PostgreSQL authorization system, designed for ease of use. For details, see Simple permission model (SPM).

    • Standard PostgreSQL authorization model. Uses standard PostgreSQL GRANT statements, also known as expert mode. For details, see Standard PostgreSQL authorization model.

    Prerequisites

    Before you begin, make sure you have:

    • Root account credentials for Alibaba Cloud

    • A Hologres instance

    Create a RAM user

    Skip this section if you already have a RAM user.

    1. Log on to the Alibaba Cloud official website as the root account.

    2. Log on to the RAM console as the root account.

    3. In the left navigation pane, under Identity Management, click User.

    4. Click Create User. To create multiple RAM users at once, click Add Users instead.

    5. In the User Account Information section, enter a Logon Name and a Display Name.

    6. In the Access Mode section, select Console Access.

    7. Set a logon password for the RAM user.

    8. Click OK.

    Grant permissions to the RAM user

    Grant RAM permissions (optional)

    RAM permissions let the RAM user manage instances in the Hologres console. If the user only needs to perform data development tasks, skip this step.

    For instructions, see Grant permissions to a RAM user.

    Grant instance development permissions (required)

    The root account must grant the RAM user development permissions on the Hologres instance before the user can connect and run queries.

    For instructions, see Grant instance development permissions to a RAM user.

    Add the RAM user to a DataWorks workspace

    1. Go to the workspace configuration page.

      1. Log on to the DataWorks console, switch to the target region, and click Workspaces.

      2. In the Actions column for the target workspace, click Manage.

    2. On the Workspace Members tab, click Add Member in the upper-right corner.

    3. In the Add Member dialog box, click Refresh to sync all RAM users from the current Alibaba Cloud account to the Accounts to Add list. 刷新

    4. In the Accounts to Add list, select the target accounts, then click > to move them to the Added Accounts list.

    5. Select the roles to assign, then click OK.

      The workspace creator is assigned the administrator role by default. For details about role permissions, see Appendix: Predefined role permissions (workspace level).

    6. Log on to the DataWorks console as the RAM user. On the Data Development and O&M page, click Data Studio to start data development.

    Remove a RAM user from a DataWorks workspace

    1. Go to the workspace configuration page.

      1. Log on to the DataWorks console.

      2. In the left navigation pane, click Workspaces.

      3. In the Actions column for the target workspace, click Manage.

    2. On the Workspace Members tab, click Remove in the Actions column for the target member, then follow the prompts to complete the operation.

    Important

    Removing a RAM user from a workspace only revokes their DataWorks workspace access. Their Hologres instance development permissions remain in place. To fully revoke access, also revoke the user's instance development permissions separately.