Help Center/ Database Security Service/ User Guide/ Database Security Encryption Management/ System administrator operation guide/ Data Encryption and Decryption/ Managing Authorization
Updated on 2025-04-16 GMT+08:00
View PDF
Share

Managing Authorization

You can grant permissions to clients and database users who access the database on the Authorization Management page.

The authorization management module supports client and user authorization. Obtain the intersection of client and user authorization. For details, see Authorizing Clients and Authorizing Users.

The management authorization example is described as follows:

Table 1 Configuration example description

Parameter

Example Value

Client Authorization

IP address range:

  • 192.168.0.100~192.168.0.120
  • 192.168.1.100~192.168.1.120

User Authorization

The WordPress user can query, add, and modify permissions.

The configuration result is as follows:

  • A user whose IP address is 192.168.0.105 can view plaintext data when accessing the database uses WordPress in proxy mode.
  • A user whose IP address is 192.168.0.105 can only view encrypted data when accessing the database uses non-WordPress in proxy mode.
  • A user whose IP address is 192.168.3.105 can only view encrypted data when accessing the database uses WordPress in proxy mode.

Authorizing Clients

Grant permissions to control clients access to database.

  1. Log in to a database encryption and access control instance as the sysadmin user.
  2. In the navigation pane, choose Data Encryption > Authorization Management.
  3. In the data source list, click a data source.
  4. Locate the target encrypted database table and click Client Authorization.
  5. In the Client Authorization dialog box, set the client IP address range, time range, and week range.

    Figure 1 Client authorization
    • You can set the start IP address and end IP address for an IP address range. You can click to add multiple IP address ranges. A maximum of 10 IP address ranges can be set.
    • The value ranges from 00 to 23. The value indicates the hour. For example, the value 10 indicates 10:00-10:59, including 10:00 and 10:59. If the time range is set to 08-18, the time range is 08:00-18:59, including 08:00 and 18:59.

  6. Click Save.

Authorizing Users

Grant permissions to control user access to database.

  1. Log in to a database encryption and access control instance as the sysadmin user.
  2. In the navigation pane, choose Data Encryption > Authorization Management.
  3. In the data source list, click a data source.
  4. Locate the target encrypted database table and click User Authorization.
  5. In the displayed dialog box, set the database user to be authorized.

    Figure 2 User authorization

  6. Click Save.