Manage permissions on Hologres - DataWorks - Alibaba Cloud Documentation Center

DataWorks allows you to manage the permissions for users to access Hologres data. You can configure an authorized identity, request permissions on Hologres tables, process permission requests, and view permission request records and request processing records. This topic describes how to manage permissions on Hologres.

Prerequisites

A Hologres instance is created. For more information, see Purchase a Hologres instance.
A Hologres data source is added. For more information, see Hologres data source.
Hologres metadata is collected. For more information, see Metadata collection.
The permission model of the database to which the Hologres tables that you want to access belong is the standard PostgreSQL authorization model. For more information, see Switch between permission models.

Step 1: Go to the Data Access Control page

Log on to the DataWorks console. In the top navigation bar, select the desired region. In the left-side navigation pane, choose Data Development and Governance > Security Center. On the page that appears, click Go to Security Center.

Step 2: Configure an authorized identity

In DataWorks, you can access a Hologres instance by using the authorized identity that is specified for the instance. Only Alibaba Cloud accounts or RAM users to which the AdministratorAccess policy is attached can configure an authorized identity.

In the Application Content section of the Permission Application tab, set the Data Source Type parameter to Hologres. If an authorized identity is not configured for a Hologres instance, the message shown in the following figure appears. In this case, click OK.
Click Configure Authorization Identity below Authorized Identity.
In the Hologres instance authorization identity configuration dialog box, specify an authorized identity for each Hologres instance and click OK.
Note
If you want to configure a RAM user as the authorized identity for a Hologres instance, make sure that you attach the AliyunHologresReadOnlyAccess policy and assign the SuperUser role of the Hologres instance to the RAM user.

Request permissions

Go to the Permission Application tab.
Select the tables on which you want to request permissions.
1. Set the Data Source Type parameter to Hologres and configure the Hologres Instance and Database parameters.
2. In the Tables to Be Added section, search for tables or select the tables on which you want to request permissions.
3. In the form that appears on the right of the Tables to Be Added section, select the permissions that you want to request on the tables. Supported table-level permissions: Select, Insert, Update, Delete, Truncate, and ALL.
  - If you select a specific permission in the first row of the form, the permission is requested for each selected table.
  - If you want to cancel the request for a permission on a table, you can deselect the permission for the table.

In the Application information section, configure the parameters. The following table describes the parameters.

Parameter

Description

User

The account for which you want to request the permissions.

Current login account: indicates that you want to request permissions on the tables for the account that is used to access the current workspace.
Apply on Behalf of Others: indicates that you want to request permissions on the tables for an account that is not used to access the current workspace. If you select this option, you must configure the Other Identity parameter.

Reason for Application

The reason for requesting the permissions.

Table-level permissions on Hologres are permanent. You cannot specify the expiration time.

Click Apply for permission to submit the request.
You can view the processing details and the record of the current request on the Permission Application Records tab.

Process requests

View the information about pending requests.
On the Permission Application Processing tab, set the Data Source Type parameter to Hologres. Then, specify filter conditions to search for the requests that must be processed by the current logon account.
Note
If a permission request order is submitted to request permissions on multiple tables that belong to different owners, the system splits the request order into multiple requests based on the table owners.
View the details of a permission request.
Find the permission request and click Approval in the Operation column. You can view the details and processing record of the permission request in the Approval details dialog box.
Process permission requests.
To process a single permission request, enter your comments and click Agree or Rejection based on your business requirements.
To process multiple requests at the same time, select all requests that you want to process on the Permission Application Processing tab, click Batch Consent or Batch rejection, and then enter your comments.

View historical permission requests and the processing records of the requests

View permission request records: On the Permission Application Records tab, specify filter conditions such as Approval Status, Application Time, and Hologres Instance to view the permission request records of the current logon account.
To view the details of a permission request, click View details in the Operation column of the request. You can cancel permission requests that are being processed.
View request processing records: On the Permission Application Processing Record tab, specify filter conditions such as Application Account Number, Approval Results, and Hologres Instance to view the request processing records of the current logon account.