Apply for and manage row-level permissions

Prerequisites

Ensure the row-level permissions value-added service is active. For more information, see the referenced document.

Limits

• You can create a maximum of 500 permission rules for a single row-level permission.

• You can apply for a maximum of 200 permission rules at a time.

Permission description

This feature lets you view the row-level permissions to which you have been granted access.

Apply for row-level permissions

1. On the Dataphin home page, choose Management Center > Permission Management from the top menu bar.

2. In the navigation pane on the left, choose My Permissions > Row-Level Permission. On the Row-Level Permission page, click Apply For Row-Level Permission.

3. On the Apply For Row-Level Permission page, configure the parameters.

   Parameter		Description
   Basic Information	Account Type	Based on your business scenario, you can grant row-level permissions to user accounts, project accounts, and user groups at the same time, or grant them individually. User Account: Used for data modeling and development in the development environment. Developed data is published to the production environment. Project Account: Used to manage and run tasks that are submitted to the production environment. User Group: Used to manage the permissions of members within the user group.
   Row-Level Permission Filter	Associated Table	Select the compute source tables and data source tables for which you want to apply for row-level permissions. You can perform a fuzzy search by table name keyword, add tables in a batch to apply for permissions, or click the icon to perform a precise search by Category/Project and Table Type. Table Type: You can select from five table types: Physical Table, View, Logical View, and Logical Table. Board/Project: If the table type is Logical View or Logical Table, select the data board to which the logical table belongs. If the table type is Physical Table or View, select the project to which the physical table belongs. Add Tables in Batches: Click Batch Search And Add. In the Batch Search dialog box, enter the names of the tables to add. For compute source tables, you can perform a precise search using the `project_name.table_name` or `category.table_name` format. For data source tables, you can perform a precise search using the `DB/Schema.table` format. Separate multiple table names with a semicolon (;), a comma (,), or a line feed (\n). Note You can add a maximum of 100 tables when you apply for permissions in a batch. The filter options are optional. If you do not specify filter options, you can select a mix of different table types. If you specify filter options, you can precisely filter the data tables.
   Row-Level Permission Selection		Displays the row-level permissions associated with the selected tables. The information includes the permission name, description, associated tables, whether an application is required, and control rule details. Application Required: Indicates whether the selected account has control rule permissions for the row-level permission on the current associated table. If set to Yes, the selected account does not have control rule permissions for the row-level permission on the current associated table, and an application is recommended. Click the View icon. In the Control Rule Permissions For The Selected Account On The Current Row-level Permission: dialog box, view the accounts that need to request control rule permissions. If set to No, the selected account has control rule permissions for one or more row-level permissions on the current associated table. You can add other control rules. Click the View icon. In the Control Rule Permissions For The Selected Account On The Current Row-level Permission: dialog box, view the control rules for which permissions have already been granted. Control Rule: Select the control rules configured for the current row-level permission.
   Application Reason	Reason	Enter the reason for applying for the row-level permissions. This helps the approver review your request. The reason must be 5 to 512 characters in length.

4. Click Submit Application. After the application is approved, the row-level permissions are granted.

Manage row-level permissions

1. On the Row-Level Permission page, click Description in the upper-right corner to view an explanation of the principles behind row-level permissions, including legend patterns and SQL code.

2. You can view the configured row-level permissions, including their names, hit rules, and associated table information.

3. You can search for row-level permissions by name or filter them by associated table.

4. You can perform the following operations on a specific permission.

   Operation	Description
   View hit rules	Click the number of hit rules or the view icon to view the details of the rules for which you are authorized under this permission.
   View associated tables	Click the number of associated tables or the view icon to view the tables related to this permission.
   View row-level permission	Click the View icon in the Actions column to view the details of the row-level permissions that you are authorized to see.