DocsICP FilingConsole
官方文档
首页

Grant permissions to a service account

更新时间:
复制 MD 格式
我的收藏

This page describes how to grant permissions to a service account for a cluster instance.

Background information

If you need assistance from Alibaba Cloud support engineers, you can use the service account authorization feature. This feature lets you grant permissions to support engineers, such as viewing configurations, querying indexes, and accessing data. The support engineers can then operate on your cluster within the specified time and permission scope to provide technical support.

Prerequisites

When a cluster instance is in the Running state, you can grant service account authorization to the cluster.

Note

Service account authorization is not supported for Standard Edition (Key-Value) clusters.

Procedure

  1. Log on to the OceanBase Management Console .

  2. In the navigation pane on the left, click Instance List. Select the target cluster instance to open its Cluster Instance Workbench page.

  3. In the navigation pane on the left, click Security Settings.

  4. On the Service Account Authorization tab, grant the required permissions and set an expiration time. You can grant one or more of the following permissions: Query Permission, SQL Emergency, Database Permission, Session Emergency, and Configuration Permission.

    1. Click the switch under Enable Permission.

      1

      Permission

      Description

      Query Permission

      Lets Alibaba Cloud support engineers view your database indexes and views.

      SQL Emergency

      Lets Alibaba Cloud support engineers perform operations on SQL, such as outline binding and throttling.

      Database permissions

      Lets Alibaba Cloud support engineers execute data query commands, such as SELECT, in all tenants of the cluster.

      Session Emergency

      Once authorized, Alibaba Cloud technical support can terminate database sessions in an emergency.

      Configuration Permission

      After you grant authorization, the Alibaba Cloud helpdesk can view and modify cluster and tenant configurations.

    2. In the Set Authorization Expiration Time dialog box, set a single expiration time for all granted permissions.

      Note

      If you grant multiple permissions, they all share the same expiration time. This time is set when you grant the first permission.

      image

  5. After the authorization is complete, you can disable it at any time by clicking the switch under Enable Permission.

Previous:Security and permissionsNext:AliyunServiceRoleForOceanBaseEncryption