Updated on 2026-07-07 GMT+08:00

Adding Data Access Authorization

Administrators can grant data access privileges to data consumers by adding authorization records.

Prerequisites

Before configuring data access permissions for O&M users, O&M roles and organizations, relevant objects shall be pre-configured respectively under User Management > Platform Users, User Management > System Roles and User Management > Company.

Adding New Authorization

  1. Logging in to the Database Operations and Maintenance Management System using the sysadmin system administrator account.
  2. Select Ops Asset Management > Ops Asset Control on the left navigation pane to display the asset control list.
  3. Select a target Ops Asset Control entry and click the Config button to open a new browser page.
  4. Select Security Control > Data Access Authorization to display the data access authorization list.
  5. Click the Add Authorization button to bring up the Add Authorization page.

    Figure 1 Adding uthorization

  6. Fill in basic information and condition information, then click Next. (Names must be unique within the same O&M asset control repository.)

    Table 1 Parameter escription for step 1 of adding data access permission

    Parameter

    Description

    Authorization Name

    Basic Information: Data access permission name. (Required)

    Authorization description

    Basic information: Additional labels for permissions and supplementary remarks.

    Operations and Maintenance User

    Condition information: A virtual account created by a platform user can log in to manage the platform and the bastion host platform. By configuring authorization settings for this user, you can grant them corresponding table field permissions.

    Operations and Maintenance Role

    Condition information: Under User Management> System Roles Functions, create the role and follow the system role operation steps during creation. By configuring authorization settings for this role, you can grant corresponding table field permissions to users under this role.

    Organization

    Condition Information: In the User Management-Organization Management function, create the organization information. Refer to the operation steps in the User Management-Organization function for the creation process. By configuring authorization settings for this organization, you can grant corresponding table field permissions to users under it.

    Database User

    Condition information: Enter the database user restrictions for permitted access. By configuring these user permissions, you can grant corresponding table field permissions to the user.

    Authorization Time

    Condition information: The expiration time for user authorization. It can be set to never expires, or specify authorization periods in minutes, hours, days, months, or never expires. The default is never expiring. According to the principle of minimizing authorization, administrators are advised to specify a detailed authorization period.

    The authorization period starts from the time the data access permission is enabled. (Required)

  7. Click Next, and the system pops up the page for privilege scope selection.
  8. Select the schemas of data sources bound to the Ops Asset Control repository as well as target tables to be authorized, then click Next to redirect to the configuration page for CRUD privileges of table fields.

    Figure 2 Adding uthorization
    Table 2 Parameter escription for step 2 of adding data access permission

    Parameter

    Description

    Schema list

    Permission Scope: Select schemas belonging to data sources bound to the O&M asset control repository. Multi-select and select-all are available. If Select All is ticked, all tables under each schema will be selected by default.

    Table list

    Permission Scope: Select target tables to be authorized from bound data sources of the O&M asset control repository. Multi-select and select-all are supported.

  9. Configure CRUD permissions for table fields (i.e., authorization types), which are checked by default; adjust tick options as required.
  10. Click the OK button.

Related Operations

Subsequent operations can be performed on the Data Access Authorization List page as needed:

  • Enable: Select the target data access authorization record and click Enable to activate the authorization.
  • Disable: Select the target data access authorization record and click Deactivate to invalidate the authorization.
  • Edit: Select the target data access authorization record and click Edit to modify basic information, condition settings, authorized schemas, authorized tables and field CRUD privileges as required.

The authorization granularity for data access permissions can be specified precisely to include add, delete, modify, and query permissions for table field data.