All Products
Search
Document Center

Data Management:Accounts used to log on to DMS

Last Updated:Feb 22, 2024

This topic describes the accounts that you can use to log on to Data Management (DMS) and shows you how to manage the configurations of RAM users.

Access methods

You can log on to the DMS console by using one of the following methods:

  • Log on by using an Alibaba Cloud account or as a RAM user.
    • If you log on by using an Alibaba Cloud account, you can manage the configurations of RAM users on the Configuration Management page in the DMS console. For more information, see Manage the configurations of RAM users.
    • If a RAM user is removed, the RAM user is still available in DMS. However, you cannot use the RAM user to log on to Alibaba Cloud or the DMS console.
      Note Before you remove or disable a user in DMS, check whether the user assumes a role such as a data owner, a database administrator (DBA), or an approver on an approval node. If the user assumes a role, assign its role to another user. For more information, see Manage users.
  • Log on by using single sign-on (SSO). You can implement user-based SSO or role-based SSO to log on to the Alibaba Cloud Management Console from the identity provider (IdP) of your enterprise. For more information, see Use SSO to log on to DMS.

Manage the configurations of RAM users

To manage the configurations of RAM users, you must be a DMS administrator or a DBA.

  1. Log on to the DMS console V5.0.
  2. In the top navigation bar, click O&M. In the left-side navigation pane, click Configuration Management.

    Note

    If you use the DMS console in simple mode, move the pointer over the 2022-10-21_15-25-22.png icon in the upper-left corner of the DMS console and choose All functions > O&M > Configuration Management.

  3. Manage the configurations of RAM users.
    • Whether to enable RAM permission verification
      EnabledDescription
      Yes: This is the default setting.
      • A RAM user to which the AdministratorAccess policy is attached is initialized as a DMS administrator.
      • If a RAM user is a regular user in DMS and the ReadOnlyAccess policy is attached to the RAM user for accessing RDS and MongoDB databases in the Resource Access Management (RAM) console, the RAM user can perform the following operations in DMS:
        • Query a database instance that is managed in Security Collaboration mode.
          Note No permission record is provided.
        • Log on to a database instance that is managed in Flexible Management or Stable Change mode.
          Note The permission record shows that the user has the RAM permissions on a specific service such as RDS and is automatically granted the permissions to log on to the corresponding database instance in DMS for 180 days.
      NoIf you disable this feature, no role or permission is initialized for a RAM user in DMS.
    • Allow sub-accounts to automatically join the tenant
      EnabledDescription
      Yes: This is the default setting.After you create a RAM user for your Alibaba Cloud account, the RAM user is automatically added to the DMS tenant to which the Alibaba Cloud account belongs when you log on to the DMS console.
      NoIf you disable this feature, you must manually add the RAM user that you create for your Alibaba Cloud account to the DMS tenant to which the Alibaba Cloud account belongs. For more information, see Add a user.