All Products
Search

This Product

    ApsaraDB for OceanBase:Service account authorization

    Document Center

    ApsaraDB for OceanBase:Service account authorization

    Last Updated:Nov 27, 2024

    This topic describes how to grant permissions to a service account for the O&M of a cluster instance.

    Background information

    If you need the assistance of Alibaba Cloud technical support engineers, you can use the service account authorization feature to grant permissions such as the configuration, query, and data permissions to Alibaba Cloud technical support engineers. The engineers will operate on your cluster within the allowed time range and authorization scope while providing technical support.

    Prerequisites

    You can grant permissions to a service account when the cluster is in the Running state.

    Note

    Standard Edition (Key-Value) cluster instances do not support service account authorization.

    Procedure

    1. Log on to the ApsaraDB for OceanBase console.

    2. In the left-side navigation pane, click Instances and select the target cluster instance to go to the Cluster Instance Workspace page.

    3. In the left-side navigation pane, click Security Settings.

    4. On the Service Account Authorization tab, grant permissions and set the expiration time of the permissions. The ApsaraDB for OceanBase console supports Query Privilege, SQL Emergency Handling, Data Permission, Session Emergency Handling, and Configure Privileges. You can grant one or more permissions based on your business requirements.

      1. Turn on the switch for a permission in the Privilege Authorization column.

        1

        Privilege type

        Description

        Query Privilege

        Allows Alibaba Cloud technical support engineers to query the indexes and views in your database.

        SQL Emergency Handling

        Allows Alibaba Cloud technical support engineers to bind outlines, perform throttling, etc. for SQL statements.

        Data Permission

        Allows Alibaba Cloud technical support engineers to execute data query statements such as SELECT under all tenants in the cluster.

        Session Emergency Handling

        Allows Alibaba Cloud technical support engineers to terminate sessions on the database in emergencies.

        Configure Privileges

        Allows Alibaba Cloud technical support engineers to view and modify the configurations of the cluster and tenants.

      2. In the expiration time dialog box that appears, set the expiration time of all granted permissions.

        Note

        If you grant multiple permissions, their expiration time is the same. The expiration time that is set when you grant a permission for the first time applies to all granted permissions.

        image

    5. You can also turn off the switch for a permission in the Privilege Authorization column to revoke the permission.