Prepare the database accounts for data synchronization - Data Transmission Service

When you configure a data synchronization task, you must specify the database accounts for the source and destination databases. The database accounts are used for data synchronization. Different databases and synchronization types require different permissions. You must create and authorize database accounts before you configure a data synchronization task.

Permissions required for the source database account


Database	Required permission	References
ApsaraDB RDS for MySQL instance	Read permissions on the objects to synchronize	Create databases and accounts for an ApsaraDB RDS for MySQL instance and Modify the permissions of a standard account on an ApsaraDB RDS for MySQL instance
Self-managed MySQL database	The SELECT permission on the objects to synchronize The REPLICATION CLIENT, REPLICATION SLAVE, and SHOW VIEW permissions Permissions to create databases and tables. The permissions allow Data Transmission Service (DTS) to create a database named dts to record heartbeat data during synchronization.	Create an account for a user-created MySQL database and configure binary logging
PolarDB for MySQL cluster	Read permissions on the objects to synchronize	Create a database account
PolarDB for Oracle cluster	Permissions of a privileged account	Create database accounts
PolarDB-X 1.0 instance	Read permissions on the objects to synchronize	Manage database accounts
ApsaraDB RDS for SQL Server instance	The owner permission on the source database Note A privileged account has the required permissions.	Modify the permissions of a standard account on an ApsaraDB RDS for SQL Server instance
Self-managed SQL Server database	The permissions of the sysadmin role	CREATE USER and GRANT (Transact-SQL)
ApsaraDB RDS for PostgreSQL instance	Permissions of a privileged account. The account must be the owner of the database. Note If the source database runs on an ApsaraDB RDS for PostgreSQL instance V9.4 and you synchronize only DML operations, the database account must have the REPLICATION permission.	Create an account on an ApsaraDB RDS for PostgreSQL instance and Create a database on an ApsaraDB RDS for PostgreSQL instance
Self-managed PostgreSQL database	Permissions of the superuser role	CREATE USER and GRANT
ApsaraDB for Redis instance	Read permissions on the objects to synchronize	Create and manage database accounts
Self-managed Redis database	The `PSYNC` or `SYNC` statement can be executed on the source Redis database.	None
ApsaraDB for MongoDB instance	Full data migration: read permissions on the source database Incremental data migration: read permissions on the source database, the admin database, and the local database	For more information, see Manage user permissions on MongoDB databases.
Self-managed MongoDB database	Full data migration: the read permissions on the source database Incremental data migration: the read permissions on the source database, the admin database, and the local database	For more information, see db.createUser().
Self-managed TiDB database	The SELECT permission on objects to migrate and the SHOW VIEW permission	Privilege Management

Permissions required for the destination database account


Database	Required permission	References
ApsaraDB RDS for MySQL instance	Read and write permissions on the destination database	Create databases and accounts for an ApsaraDB RDS for MySQL instance and Modify the permissions of a standard account on an ApsaraDB RDS for MySQL instance
Self-managed MySQL database	The ALL permission on the destination database	Create an account for a user-created MySQL database and configure binary logging
PolarDB for MySQL cluster	The ALL permission on the destination database	Create a database account
PolarDB for Oracle cluster	The permissions of the database owner	You can specify the database owner when you create a database.
PolarDB-X 1.0 instance	Write permissions on the objects to synchronize	Manage database accounts
ApsaraDB for Redis instance	If you use the instance password, no authorization is required.	None
ApsaraDB for Redis instance	If you use a custom account, read and write permissions are required.	Create and manage database accounts
Self-managed Redis database	The database password must be valid.	None
ApsaraDB for MongoDB instance	The dbAdminAnyDatabase permission, read and write permissions on the destination database, and read permissions on the local database	For more information, see Manage user permissions on MongoDB databases.
Self-managed MongoDB database	The dbAdminAnyDatabase permission, the read and write permissions on the destination database, and the read permissions on the local database	For more information, see db.createUser().
AnalyticDB for MySQL cluster	Version 2.0: DTS automatically creates a database account and grants permissions to the account. You do not need to specify the database account. Version 3.0: Read and write permissions are required.	Version 3.0: Create a database account
AnalyticDB for PostgreSQL instance	The initial account or an account that has the RDS_SUPERUSER permission is required.	Initial account: Create a database account An account that has the RDS_SUPERUSER permission: Manage users and permissions
Message Queue for Apache Kafka instance	N/A Note If the instance type of the Message Queue for Apache Kafka instance is VPC Instance, you do not need to specify the database account or database password.	None
Self-managed Kafka cluster	N/A Note If no authentication is enabled for the Kafka cluster, you do not need to enter the username or password.	None
DataHub project	You do not need to specify the database account when you configure the task.	None
Elasticsearch cluster	The logon name and logon password that are specified when you create the Elasticsearch cluster. The default logon name is elastic.	Create an Elasticsearch cluster
MaxCompute project	The CREATE TABLE, CREATE INSTANCE, CREATE RESOURCE, CREATE JOB, and List permissions on the project to synchronize	When you configure the data synchronization task, DTS automatically authorizes the database account.
Tablestore	You do not need to specify the database account when you configure the task.	None

Permissions required for the database accounts in two-way data synchronization tasks

The following table lists the permissions that are required for the source and destination database accounts in two-way data synchronization tasks. The permissions allow DTS to create a database named dts in the source and destination databases to prevent circular data replication.


Database	Required permission	References
ApsaraDB RDS for MySQL instance	Permissions of a privileged account	Create databases and accounts for an ApsaraDB RDS for MySQL instance
Self-managed MySQL database	The SELECT permission on the objects to synchronize The REPLICATION CLIENT, REPLICATION SLAVE, and SHOW VIEW permissions The permissions to create databases and tables. The permissions allow DTS to create a database named dts to prevent circular data replication.	Create an account for a user-created MySQL database and configure binary logging
ApsaraDB RDS for PostgreSQL instance	Permissions of a privileged account. The account must be the owner of the database.	Create an account on an ApsaraDB RDS for PostgreSQL instance and Create a database on an ApsaraDB RDS for PostgreSQL instance
Self-managed PostgreSQL database	Permissions of the superuser role	CREATE USER and GRANT
PolarDB for MySQL cluster	Permissions of a privileged account	Create a database account
ApsaraDB for Redis instance	If you use the instance password, no authorization is required.	None
ApsaraDB for Redis instance	If you use a custom account, the read and write permissions are required.	Create and manage database accounts
Self-managed Redis database	The `PSYNC` or `SYNC` statement can be executed on the source Redis database.	None