This topic describes how to grant permissions to a service account for the O&M of a cluster instance.
Background information
If you need the assistance of Alibaba Cloud technical support engineers, you can use the service account authorization feature to grant permissions such as the configuration, query, and data permissions to Alibaba Cloud technical support engineers. The engineers will operate on your cluster within the allowed time range and authorization scope while providing technical support.
Prerequisites
You can grant permissions to a service account when the cluster is in the Running state.
Standard Edition (Key-Value) cluster instances do not support service account authorization.
Procedure
In the left-side navigation pane, click Instances and select the target cluster instance to go to the Cluster Instance Workspace page.
In the left-side navigation pane, click Security Settings.
On the Service account authorization tab, grant permissions and set the expiration time of the permissions.
Turn on the switch for a permission in the Privilege Authorization column. In the dialog box that appears, set the expiration time. At present, you can grant the query, data, and configuration permissions. You can grant one or more permissions based on the actual business needs.
NoteIf you grant multiple permissions, their expiration time is the same. The expiration time that is set when you grant a permission for the first time applies to all granted permissions.
Permission
Description
Query permission
Allows Alibaba Cloud technical support engineers to query the indexes and views in your database.
Data permission
Allows Alibaba Cloud technical support engineers to execute data query statements such as SELECT under all tenants in the cluster.
Configuration permission
Allows Alibaba Cloud technical support engineers to view and modify the configurations of the cluster and tenants.
Click the Edit icon in the upper-right corner to set the expiration time of all granted permissions.
You can also turn off the switch for a permission in the Privilege Authorization column to revoke the permission.