DataWorks lets you control access to Hologres data by setting an authorized identity, applying for permissions, and approving applications. You can view your application records in My Applications and manage approval tasks in My Approval Tasks.
Prerequisites
-
You have created a Hologres instance. For more information, see Purchase a Hologres instance.
-
You have added a Hologres data source. For more information, see Hologres data source.
-
You have collected metadata for the Hologres data source. For more information, see Metadata collection.
-
The database containing the target Hologres tables must have its Permission Policy set to Standard Postgresql Authorization Model. For more information, see Switch permission models.
Set an authorized identity
DataWorks uses a designated user, called the authorized identity, to access each Hologres instance. Only an Alibaba Cloud account or a RAM user that has the AdministratorAccess policy can set the authorized identity.
-
On the Permission Application tab, set Data Source Type to Hologres.
-
To the right of the Authorized Identity field, click Configure Authorization Identity.
-
In the Hologres instance authorization identity configuration window, specify an identity for each Hologres instance. The window lists all Hologres instances associated with the current workspace. From the drop-down list for each instance, select an Alibaba Cloud account or a RAM user to execute authorization commands. After making your selections, click OK.
NoteIf the authorized identity is a RAM user, ensure that the specified RAM user has the AliyunHologresReadOnlyAccess policy and is assigned the
SuperUserrole for the Hologres instance.
Apply for permissions
-
Go to the Permission Application tab.
-
Select the tables for which you want to apply for permissions.
-
Set Data Source Type to Hologres, and then specify the Hologres Instance and Database.
-
In the Tables to Be Added section, select the data tables for which you want to apply for permissions.
-
In the table, select the required permissions. The supported table-level permissions are
Select,Insert,Update,Delete,Truncate, andALL.-
Selecting the checkbox in the header row applies the corresponding permission to all tables.
-
To deselect a permission for a specific table, clear the checkbox for that permission.
-
-
-
Configure the Application information.
Parameter
Description
User
Select the user who needs the permissions.
-
Current login account: Applies for permissions on the target tables for the Alibaba Cloud account currently logged in to the DataWorks workspace.
-
Apply on Behalf of Others: Applies for permissions on behalf of another Alibaba Cloud account. If you select this option, you must configure the Other identity parameter.
Reason for Application
Enter the reason for the permission request.
Table-level permissions for Hologres are permanent. You cannot set an expiration time.
NoteYou can apply for Hologres data access permissions only for the current account or another RAM user. You cannot apply for permissions as a scheduling access account. In addition, explicit authorization supports only RAM users, not RAM roles, as grantees.
-
-
Click Apply for Permissions to submit the application.
You can view the application's approval details and records on the My Applications page.
Approve permission applications
-
View pending applications.
In the left-side navigation pane, choose Application & approval > My Approval Tasks and click the Data access control tab. Set Data Source Type to Hologres and filter the results as needed to find applications pending your approval.
NoteAn application for permissions on multiple tables is automatically split into multiple applications based on the table owners.
-
View approval details.
Click Approval in the Operation column of the target application. In the Approval details dialog box, you can view information such as Application Details and Approval record.
-
Approve or reject the application.
Based on the application details and your current requirements, enter your Approval Comments, and then click Agree or Reject.
You can also select all applications on the My Approval Tasks page, click Batch Agree or Batch Reject, enter your Approval Comments, and batch-process the applications.
View application and approval records
-
You can withdraw Hologres permission applications that are in the Approving state. Renewal is not supported because approved Hologres permissions are permanent.
-
The permission audit tab on the Data access control page currently supports only the MaxCompute engine. You cannot perform permission audits for the Hologres engine on this tab.
-
The Permission application records and Permission approval records tabs will be migrated to the My Applications and My Approval Tasks pages under the Application & approval group. We recommend that you use the new pages.
-
View permission application records: In the left-side navigation pane, choose Application & approval > My Applications and click the Data access control tab. You can filter the records by criteria such as Approval status, Application Time, and Hologres Instance to view the application records associated with your Alibaba Cloud account.
You can also click View details in the Operation column of the target application to view its details. Additionally, for applications with an Approval status of Approving, you can Withdrawal the application.
-
View permission approval records: In the left-side navigation pane, choose Application & approval > My Approval Tasks and click the Data access control tab. Set the task status to All. You can filter the records by criteria such as Application account number, Approval Results, and Hologres Instance to view your approval records.