Prepare database accounts for data synchronization

更新时间:
复制 MD 格式

When you configure a data synchronization task, you must provide the database accounts for the source and destination databases. The required permissions vary depending on the database and synchronization types. Before you configure a sync task, you must create the database accounts and grant them the required permissions.

Required permissions for the source database account

Database

Required permissions

Creation and authorization method

ApsaraDB RDS for MySQL

Read permission on the objects to be synchronized.

For more information, see Create databases and accounts and Modify account permissions.

self-managed MySQL

  • The SELECT permission on the objects to be synchronized.

  • The REPLICATION CLIENT, REPLICATION SLAVE, and SHOW VIEW permissions.

  • The permissions to create databases and tables. These permissions allow DTS to create a database named test to advance the binary log position.

For more information, see Create an account and configure binary logging for a self-managed MySQL database.

PolarDB for MySQL

Read permission on the objects to be synchronized.

Create and manage database accounts.

PolarDB for PostgreSQL (Compatible with Oracle)

privileged account.

Create a database account.

PolarDB-X 1.0

Read permission on the objects to be synchronized.

Account Management

ApsaraDB RDS for SQL Server

Owner permission for the database that contains the objects to be synchronized.

Note

A privileged account meets this requirement.

For more information, see Modify account permissions.

Self-managed SQL Server

sysadmin permission.

CREATE USER and user permissions management.

ApsaraDB RDS for PostgreSQL

A privileged account that is the owner (authorized account) of the selected database.

Note

If the source database is an ApsaraDB RDS for PostgreSQL 9.4 instance and you only need to synchronize DML operations, the account only needs the replication permission.

For more information, see Create an account and Create a database.

Self-managed PostgreSQL

superuser permission.

For more information, see the CREATE USER and GRANT syntax.

ApsaraDB for Redis instance

Read and write permissions on the objects to be synchronized.

For more information, see Create and manage accounts.

Self-managed Redis

There is no concept of users or permissions. The account must be able to run the psync or sync command.

N/A

ApsaraDB for MongoDB

  • Full data migration: read permission on the database to be migrated.

  • Incremental data migration: read permission on the database to be migrated, the admin database, and the local database.

For more information, see Use DMS to manage MongoDB database users.

Self-managed MongoDB

  • Full data migration: read permission on the database to be migrated.

  • Incremental data migration: read permission on the database to be migrated, the admin database, and the local database.

For more information, see the MongoDB Create User documentation.

Self-managed TiDB

SHOW VIEW permission and SELECT permission on the objects to be migrated.

Permission Management

Required permissions for the destination database account

Database

Required permissions

Creation and authorization method

ApsaraDB RDS for MySQL

Read and write permissions on the destination database.

For more information, see Create databases and accounts and Modify account permissions.

self-managed MySQL

ALL permission on the destination database.

For more information, see Create an account and configure binary logging for a self-managed MySQL database.

PolarDB for MySQL

ALL permission on the destination database.

For more information, see Create and manage database accounts.

PolarDB for PostgreSQL (Compatible with Oracle)

database owner permissions.

The database owner is specified during database creation.

PolarDB-X 1.0

Write permission on the database that contains the objects to be synchronized.

Account Management

Tair (Redis OSS-compatible)

If you use the instance password, no authorization is required.

N/A

If you use a custom account, it requires read and write permissions.

For more information, see Create and manage accounts.

Self-managed Redis

There is no concept of users or permissions. Simply provide the correct database password.

N/A

ApsaraDB for MongoDB

dbAdminAnyDatabase permission, readWrite permission on the destination database, and read permission on the local database.

For more information, see Use DMS to manage MongoDB database users.

Self-managed MongoDB

dbAdminAnyDatabase permission, readWrite permission on the destination database, and read permission on the local database.

For more information, see the MongoDB Create User documentation.

AnalyticDB for MySQL

  • Version 2.0: You do not need to enter database account information. DTS automatically creates an account and grants permissions.

  • Version 3.0: Read and write permissions.

Version 3.0: Create a database account

AnalyticDB for PostgreSQL

The initial account or an account with the RDS_SUPERUSER permission.

Message Queue for Kafka

This parameter is optional and has no default value.

Note

If the Kafka instance is a VPC-connected instance, you do not need to configure a database account or logon password.

N/A

Self-managed Kafka

This parameter is optional and has no default value.

Note

If authentication is not enabled for the Kafka cluster, you do not need to provide account information.

N/A

DataHub

You do not need to configure a database account.

N/A

Elasticsearch

The logon name (default: elastic) and logon password that were set when the instance was created.

Create an instance.

MaxCompute

CREATE TABLE, CREATE INSTANCE, CREATE RESOURCE, CREATE JOB, and List permissions on the project to be synchronized.

The system automatically grants the permissions when you configure the sync task.

Tablestore

You do not need to configure a database account.

N/A

Permission requirements for bidirectional synchronization tasks

Bidirectional synchronization tasks require additional permissions for the source and destination database accounts. These permissions allow DTS to create a database named dts in both databases to prevent replication loops.

Database

Required permissions

Creation and authorization method

ApsaraDB RDS for MySQL

privileged account.

Create a database and an account.

self-managed MySQL

SELECT permission on the objects to be synchronized.

REPLICATION CLIENT, REPLICATION SLAVE, and SHOW VIEW permissions.

Permission to create databases and tables. This permission allows DTS to create the dts database to prevent replication loops.

For more information, see Create an account and configure binary logging for a self-managed MySQL database.

ApsaraDB RDS for PostgreSQL

A privileged account that is the owner (authorized account) of the selected database.

Create an account and create a database.

Self-managed PostgreSQL

superuser permission.

For more information, see the CREATE USER and GRANT syntax.

PolarDB for MySQL

privileged account.

Create and manage database accounts.

Tair (Redis OSS-compatible)

If you use the instance password, no authorization is required.

N/A

If you use a custom account, it requires read and write permissions.

For more information, see Create and manage accounts.

Self-managed Redis

This operation does not require any user accounts or permissions. You can simply execute the psync or sync command.

N/A