All Products
Search

This Product

    Data Management:Access control

    Document Center

    Data Management:Access control

    Last Updated:Dec 14, 2023

    Access control in Data Management (DMS) is used to manage user permissions for viewing and accessing databases and instances in DMS. This feature helps you ensure data security within your organization.

    Background information

    As a centralized data management service, DMS provides different roles that are granted different permissions. This helps you manage data in your organization in a secure manner. Metadata access control is a new feature of DMS. This feature further ensures data security in your organization. After this feature is enabled, you can ensure that a user can access only those databases on which the user has one or more permissions, and that a database is accessible only to authorized users.

    Note

    In DMS, database permissions include Query, Export, and Change. If you have one of these permissions on a database, you are authorized to access the following information in DMS:

    • Information about the database. You can search for the database in the search box in the upper part of the left-side navigation pane or in the top navigation bar of the DMS console. Alternatively, you can search for the database in the "Select the databases, tables, or columns on which you want to apply for permissions" field on the Ticket Application page. You can query the data in the database only when you have the query permission on the database.

    • Information about the instance to which the database belongs. To view the information about other databases in this instance, you must have permissions on other databases.

    Types of metadata access control

    You can manage metadata access control on the following objects:

    • Users: Users can view and access only databases on which they have permissions.

    • Databases: Databases can be accessed only by users that have permissions on them.

    • Instances: Instances and all databases that belong to the instance can be accessed only by users that have permissions on the instances.

    Before and after access control is enabled

    Whether access control is enabled

    Description

    Disabled

    Regular users can view and access all databases and instances.

    For example, you can enter poc in the upper-left corner to search for instances whose name contains poc.

    You can view the poc_dev instance on which you have permissions and poc_prod instance on which you do not have permissions.

    Enabled

    Regular users can view and access only databases and instances on which they have permissions.

    For example, you can enter poc in the upper-left corner to search for instances whose name contains poc. You can view only the poc_dev instance on which you have permissions and only it will appear. The poc_prod instance on which you have no permissions is not displayed.

    Enable access control

    This example shows the differences in the permissions of a regular user before and after access control is enabled.

    1. Log on to the DMS console V5.0 as an administrator.

    2. In the top navigation bar, click O&M. In the left-side navigation pane, click Users.

      Note

      If you use the DMS console in simple mode, move the pointer over the 2022-10-21_15-25-22.png icon in the upper-left corner of the DMS console and choose All functions > O&M > Users.

    3. On the Users page, find the user for which you want to enable access control and choose More > Access control in the Actions column.

    4. In the User access control dialog box, turn on Metadata access control.

      yuanshuju

    5. Click OK.