When you configure a data synchronization task, you must provide the database accounts for the source and destination databases. The required permissions vary depending on the database and synchronization types. Before you configure a sync task, you must create the database accounts and grant them the required permissions.
Required permissions for the source database account
Database | Required permissions | Creation and authorization method |
ApsaraDB RDS for MySQL | Read permission on the objects to be synchronized. | For more information, see Create databases and accounts and Modify account permissions. |
self-managed MySQL |
| For more information, see Create an account and configure binary logging for a self-managed MySQL database. |
PolarDB for MySQL | Read permission on the objects to be synchronized. | |
PolarDB for PostgreSQL (Compatible with Oracle) | privileged account. | |
PolarDB-X 1.0 | Read permission on the objects to be synchronized. | |
ApsaraDB RDS for SQL Server | Owner permission for the database that contains the objects to be synchronized. Note A privileged account meets this requirement. | For more information, see Modify account permissions. |
Self-managed SQL Server | sysadmin permission. | |
ApsaraDB RDS for PostgreSQL | A privileged account that is the owner (authorized account) of the selected database. Note If the source database is an ApsaraDB RDS for PostgreSQL 9.4 instance and you only need to synchronize DML operations, the account only needs the replication permission. | For more information, see Create an account and Create a database. |
Self-managed PostgreSQL | superuser permission. | For more information, see the CREATE USER and GRANT syntax. |
ApsaraDB for Redis instance | Read and write permissions on the objects to be synchronized. | For more information, see Create and manage accounts. |
Self-managed Redis | There is no concept of users or permissions. The account must be able to run the | N/A |
ApsaraDB for MongoDB |
| For more information, see Use DMS to manage MongoDB database users. |
Self-managed MongoDB |
| For more information, see the MongoDB Create User documentation. |
Self-managed TiDB | SHOW VIEW permission and SELECT permission on the objects to be migrated. |
Required permissions for the destination database account
Database | Required permissions | Creation and authorization method |
ApsaraDB RDS for MySQL | Read and write permissions on the destination database. | For more information, see Create databases and accounts and Modify account permissions. |
self-managed MySQL | ALL permission on the destination database. | For more information, see Create an account and configure binary logging for a self-managed MySQL database. |
PolarDB for MySQL | ALL permission on the destination database. | For more information, see Create and manage database accounts. |
PolarDB for PostgreSQL (Compatible with Oracle) | database owner permissions. | The database owner is specified during database creation. |
PolarDB-X 1.0 | Write permission on the database that contains the objects to be synchronized. | |
Tair (Redis OSS-compatible) | If you use the instance password, no authorization is required. | N/A |
If you use a custom account, it requires read and write permissions. | For more information, see Create and manage accounts. | |
Self-managed Redis | There is no concept of users or permissions. Simply provide the correct database password. | N/A |
ApsaraDB for MongoDB | dbAdminAnyDatabase permission, readWrite permission on the destination database, and read permission on the local database. | For more information, see Use DMS to manage MongoDB database users. |
Self-managed MongoDB | dbAdminAnyDatabase permission, readWrite permission on the destination database, and read permission on the local database. | For more information, see the MongoDB Create User documentation. |
AnalyticDB for MySQL |
| Version 3.0: Create a database account |
AnalyticDB for PostgreSQL | The initial account or an account with the RDS_SUPERUSER permission. |
|
Message Queue for Kafka | This parameter is optional and has no default value. Note If the Kafka instance is a VPC-connected instance, you do not need to configure a database account or logon password. | N/A |
Self-managed Kafka | This parameter is optional and has no default value. Note If authentication is not enabled for the Kafka cluster, you do not need to provide account information. | N/A |
DataHub | You do not need to configure a database account. | N/A |
Elasticsearch | The logon name (default: elastic) and logon password that were set when the instance was created. | |
MaxCompute | CREATE TABLE, CREATE INSTANCE, CREATE RESOURCE, CREATE JOB, and List permissions on the project to be synchronized. | The system automatically grants the permissions when you configure the sync task. |
Tablestore | You do not need to configure a database account. | N/A |
Permission requirements for bidirectional synchronization tasks
Bidirectional synchronization tasks require additional permissions for the source and destination database accounts. These permissions allow DTS to create a database named dts in both databases to prevent replication loops.
Database | Required permissions | Creation and authorization method |
ApsaraDB RDS for MySQL | privileged account. | |
self-managed MySQL | SELECT permission on the objects to be synchronized. REPLICATION CLIENT, REPLICATION SLAVE, and SHOW VIEW permissions. Permission to create databases and tables. This permission allows DTS to create the dts database to prevent replication loops. | For more information, see Create an account and configure binary logging for a self-managed MySQL database. |
ApsaraDB RDS for PostgreSQL | A privileged account that is the owner (authorized account) of the selected database. | |
Self-managed PostgreSQL | superuser permission. | For more information, see the CREATE USER and GRANT syntax. |
PolarDB for MySQL | privileged account. | |
Tair (Redis OSS-compatible) | If you use the instance password, no authorization is required. | N/A |
If you use a custom account, it requires read and write permissions. | For more information, see Create and manage accounts. | |
Self-managed Redis | This operation does not require any user accounts or permissions. You can simply execute the | N/A |