If you want an Alibaba Cloud engineer to perform operations on your Hologres instance, you must grant permissions on your Hologres instance to a service account and specify the expiration time of the permissions. In this case, the engineer can provide technical support by using the service account. When the expiration time arrives, the permissions of the service account are automatically revoked. This topic describes how to enable and disable a service account and how to query the operation records and authorization records of the service account.
Limits
Only Hologres V0.10 and later allow you to grant permissions to a service account. You can view the version of your Hologres instance in the Hologres console. If the version of your Hologres instance is earlier than V0.10, manually upgrade your Hologres instance in the Hologres console or join a Hologres DingTalk group to apply for an instance upgrade. For more information about how to manually upgrade a Hologres instance, see Instance upgrades. For more information about how to join a Hologres DingTalk group, see Obtain online support for Hologres.
Only users assigned with the superuser role can enable or disable a service account.
You cannot enable or disable a service account for an instance that is connected by using HoloWeb. For more information about how to connect to an instance, see Connect to an instance.
Enable a service account
Log on to the Hologres console.
In the top navigation bar, select the region in which your Hologres instance resides.
On the Instances page, click the ID of your Hologres instance.
In the left-side navigation pane of the Instance Details page, click Account Management.
On the User Management page, click the Service Account Authorization tab.
On the Service Account Authorization tab, turn on Permissions of Technical Support in the Permission Status column.
In the Set Expiration Time of Permission dialog box, set the Expiration Time of Permission parameter.
Click OK.
After you turn on the switch, the system creates an account named
BASIC$holo_support. This account is assigned with the superuser role. This account can be used to query and modify configurations, table schemas, and indexes. This account can also be used to execute SQL statements and query data.
Disable the service account
Log on to the Hologres console.
In the top navigation bar, select the region in which your Hologres instance resides.
On the Instances page, click the ID of your Hologres instance.
In the left-side navigation pane of the Instance Details page, click Account Management.
On the User Management page, click the Service Account Authorization tab.
On the Service Account Authorization tab, turn off Permissions of Technical Support in the Permission Status column.
Query operation records of the service account
You can execute the following SQL statement to query the operations that are performed by the service account from the query log.
SELECT
*
FROM
hologres.hg_query_log
WHERE
usename = '"BASIC$holo_support"';Query authorization records of the service account
You can query the records of enabling and disabling the service account in the ActionTrail console. For more information, see Query events in the ActionTrail console. You can obtain the accounts that are used to enable or disable the service account of a Hologres instance and the time when the service account is enabled or disabled from the queried records.