All Products
Search

This Product

    Hologres:Use DataWorks with a RAM user

    Document Center

    Hologres:Use DataWorks with a RAM user

    Last Updated:Feb 04, 2026

    This topic describes how a root account creates a RAM user and grants permissions to the RAM user to use DataWorks for data development.

    Background information

    By default, the root account that purchases an instance is the superuser. The superuser has full permissions on the instance.

    Other users must be granted access by the root account before they can access the instance.

    RAM users are subject to two types of access control:

    • RAM permissions

      RAM permissions are optional. After a RAM user is granted the appropriate RAM permissions, the user can manage instances in the Hologres console. Examples include purchasing or deleting instances, upgrading or downgrading instance resources, changing the network type, and viewing instance details.

    • Instance development permissions

      Instance development permissions are required. A RAM user must be granted development permissions on an instance by the root account before connecting to the instance and performing data development tasks.

    Hologres supports two permission models for granting permissions to RAM users: the simple permission model and the standard PostgreSQL authorization model.

    • Simple permission model (recommended)

      The simple permission model is a coarse-grained permission model developed by Hologres based on the PostgreSQL authorization system to improve user experience. For more information, see Simple permission model (SPM).

    • Standard PostgreSQL authorization model

      The standard PostgreSQL authorization model uses the same authorization statements as standard PostgreSQL and is also known as expert mode. You can grant permissions to RAM users using standard PostgreSQL authorization statements. For more information, see Standard PostgreSQL authorization model.

    Create a RAM user

    If you already have a RAM user, you can skip this step.

    1. Log on to the Alibaba Cloud official website as the root account.

    2. Log on to the RAM console as the root account.

    3. In the left navigation pane, under Identity Management, click User.

    4. Click Create User.

      You can also click Add Users to create multiple RAM users in bulk.

    5. In the User Account Information section, enter a Logon Name and a Display Name.

    6. In the Access Mode section, select Console Access.

    7. Set a logon password for the RAM user.

    8. Click OK.

    Grant permissions to the RAM user

    Add the RAM user to a DataWorks workspace

    You must add the RAM user to the appropriate DataWorks workspace before the user can perform data development tasks in DataWorks. Follow these steps:

    1. Go to the workspace configuration page.

      1. Log in to the DataWorks console, switch to the destination region, and click Workspaces.

      2. In the Actions column for the target workspace, click Manage to open the workspace management page.

    2. On the Workspace Members tab, click Add Member in the upper-right corner.

    3. In the Add Member dialog box, click Refresh to sync all RAM users from the current Alibaba Cloud account to the Accounts to Add list. 刷新

    4. In the Accounts to Add list, select the desired member accounts, and then click > to move them to the Added Accounts list.

    5. Select the roles to assign and click OK.

      The workspace creator is assigned the administrator role by default. For more information about role permissions, see Appendix: Predefined role permissions (workspace level).

    6. Log on to the DataWorks console as a RAM user, and on the Data Development and O&M page, click Data Studio.

    7. Perform data development tasks as needed.

    Remove a RAM user from a DataWorks workspace

    1. Go to the workspace configuration page.

      1. Log on to the DataWorks console.

      2. In the left navigation pane, click Workspaces.

      3. In the Actions column for the target workspace, click Manage to open the workspace management page.

    2. On the Workspace Members tab, click Remove in the Actions column for the target member and follow the prompts to complete the operation.

      Note

      After a RAM user is removed from a workspace, the user still retains development permissions on the Hologres instance.