Adding Data Access Authorization
Administrators can grant data access privileges to data consumers by adding authorization records.
Prerequisites
Before configuring data access permissions for O&M users, O&M roles and organizations, relevant objects shall be pre-configured respectively under User Management > Platform Users, User Management > System Roles and User Management > Company.
Adding New Authorization
- Logging in to the Database Operations and Maintenance Management System using the sysadmin system administrator account.
- Select Ops Asset Management > Ops Asset Control on the left navigation pane to display the asset control list.
- Select a target Ops Asset Control entry and click the Config button to open a new browser page.
- Select Security Control > Data Access Authorization to display the data access authorization list.
- Click the Add Authorization button to bring up the Add Authorization page. Figure 1 Adding uthorization
- Fill in basic information and condition information, then click Next. (Names must be unique within the same O&M asset control repository.)
Table 1 Parameter escription for step 1 of adding data access permission Parameter
Description
Authorization Name
Basic Information: Data access permission name. (Required)
Authorization description
Basic information: Additional labels for permissions and supplementary remarks.
Operations and Maintenance User
Condition information: A virtual account created by a platform user can log in to manage the platform and the bastion host platform. By configuring authorization settings for this user, you can grant them corresponding table field permissions.
Operations and Maintenance Role
Condition information: Under User Management> System Roles Functions, create the role and follow the system role operation steps during creation. By configuring authorization settings for this role, you can grant corresponding table field permissions to users under this role.
Organization
Condition Information: In the User Management-Organization Management function, create the organization information. Refer to the operation steps in the User Management-Organization function for the creation process. By configuring authorization settings for this organization, you can grant corresponding table field permissions to users under it.
Database User
Condition information: Enter the database user restrictions for permitted access. By configuring these user permissions, you can grant corresponding table field permissions to the user.
Authorization Time
Condition information: The expiration time for user authorization. It can be set to never expires, or specify authorization periods in minutes, hours, days, months, or never expires. The default is never expiring. According to the principle of minimizing authorization, administrators are advised to specify a detailed authorization period.
The authorization period starts from the time the data access permission is enabled. (Required)
- Click Next, and the system pops up the page for privilege scope selection.
- Select the schemas of data sources bound to the Ops Asset Control repository as well as target tables to be authorized, then click Next to redirect to the configuration page for CRUD privileges of table fields. Figure 2 Adding uthorization
Table 2 Parameter escription for step 2 of adding data access permission Parameter
Description
Schema list
Permission Scope: Select schemas belonging to data sources bound to the O&M asset control repository. Multi-select and select-all are available. If Select All is ticked, all tables under each schema will be selected by default.
Table list
Permission Scope: Select target tables to be authorized from bound data sources of the O&M asset control repository. Multi-select and select-all are supported.
- Configure CRUD permissions for table fields (i.e., authorization types), which are checked by default; adjust tick options as required.
- Click the OK button.
Related Operations
Subsequent operations can be performed on the Data Access Authorization List page as needed:
- Enable: Select the target data access authorization record and click Enable to activate the authorization.
- Disable: Select the target data access authorization record and click Deactivate to invalidate the authorization.
- Edit: Select the target data access authorization record and click Edit to modify basic information, condition settings, authorized schemas, authorized tables and field CRUD privileges as required.
The authorization granularity for data access permissions can be specified precisely to include add, delete, modify, and query permissions for table field data.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot