Permission Application and Approval

NineData supports data security control within organizations and provides corresponding approval workflows. You can apply for permissions or approve permission requests submitted by other users.

Prerequisites

  • You have created or joined an organization, and this organization has subscribed to either or . Please ensure that your annual or monthly subscription is still active. For more information, please refer to Manage Organizations.
  • Your current account has switched to the target organization. For more information, please refer to Switching to an Organization.

Apply for Data Source Permissions

For data sources in the organization that you don't have permissions to view, you can submit a request to apply for permissions. Once the request is approved, you'll be able to perform corresponding operations on that data source.

  1. Log in to the NineData Console.

  2. In the left navigation pane, click on > .

    tip

    If you can't find , make sure your console is in organization mode. To switch from personal mode to organization mode, please refer to Switch to Organization.

  3. On the page, click on the button in the upper right corner.

  4. On the page, configure the settings based on the table below and click .

    Parameter
    Description
    Select the type of permission you want to apply for. The currently supported types are:
    Select in this case.
    Select the data source for which you want to apply for permission.
    Select the desired permission type to apply for. The available permission types vary based on the different data source types:
    MySQL
    • : Choose operational permissions for the target data source.
      • : Perform read-only operations on the data source.
      • + DML: Perform read-only and DML operations on the data source.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    • : Choose whether to allow submitting SQL tasks for this data source.
    • : Choose whether to allow submitting data export tasks for this database.
    • : Choose whether to allow submitting data import tasks for this database.
    • : Select whether to allow data archiving tasks to be submitted for this database.
    SQL Server
    • : Choose operational permissions for the target data source.
      • : Perform read-only operations on the data source.
      • + DML: Perform read-only and DML operations on the data source.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    • : Choose whether to allow submitting SQL tasks for this data source.
    • : Choose whether to allow data export tasks to be submitted for this datasource.
    • : Choose whether to allow submitting data import tasks for this database.
    PostgreSQL|DWS|openGauss|GaussDB
    • : Choose operational permissions for the target data source.
      • : Perform read-only operations on the data source.
      • + DML: Perform read-only and DML operations on the data source.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    • : Choose whether to allow submitting SQL tasks for this data source.
    • : Choose whether to allow submitting data export tasks for this database.
    MongoDB
    • :
      • : Perform read-only operations on the data source.
      • + DML: Perform read-only and DML operations on the data source.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    • : Choose whether to allow submitting SQL tasks for this data source.
    Redis
    • :
      • : Perform read-only operations on the data source.
      • + DML: Perform read-only and DML operations on the data source.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    • : Choose whether to allow submitting SQL tasks for this data source.
    Doris|SelectDB
    • : Choose operational permissions for the target data source.
      • : Perform read-only operations on the data source.
      • + DML: Perform read-only and DML operations on the data source.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    • : Choose whether to allow submitting SQL tasks for this data source.
    Elasticsearch
    :
    • : Perform read-only operations on the data source.
    • + DML: Perform read-only and DML operations on the data source.
    • + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    ClickHouse
    :
    • : Perform read-only operations on the data source.
    • + DML: Perform read-only and DML operations on the data source.
    • + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    Oracle|OceanBase Oracle
    • : Choose operational permissions for the target data source.
      • : Perform read-only operations on the data source.
      • + DML: Perform read-only and DML operations on the data source.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    • : Choose whether to allow submitting SQL tasks for this data source.
    • : Choose whether to allow data export tasks to be submitted for this data source.
    DB2
    • : Choose operational permissions for the target data source.
      • : Perform read-only operations on the data source.
      • + DML: Perform read-only and DML operations on the data source.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    DaMeng
    • : Choose operational permissions for the target data source.
      • : Perform read-only operations on the data source.
      • + DML: Perform read-only and DML operations on the data source.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    KingBase
    • : Choose operational permissions for the target data source.
      • : Perform read-only operations on the data source.
      • + DML: Perform read-only and DML operations on the data source.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    • : Choose whether to allow submitting SQL tasks for this data source.
    TiDB
    • :
      • : Perform read-only operations on the data source.
      • + DML: Perform read-only and DML operations on the data source.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    • : Choose whether to allow submitting SQL tasks for this data source.
    Select the validity period of the permission. After the validity period expires, the permission will be automatically revoked. You can choose from the following options: , , , , , , , .
    allows you to input a custom number of days, within the range of 1 to 10000.
    Provide the reason for applying for permission.
    Based on the selected , there are three scenarios for :
    • Approval workflow not enabled: Displays , and permissions are automatically acquired after clicking .
    • Approval workflow enabled: Click on the approval person dropdown to select an approver. Only users configured as in will be shown in the list.
    • Enabling approval workflow and activating : the option will not be displayed.
    • Application not allowed: Displays , and you cannot submit an application. Please contact .
  5. After submitting the application, the page will automatically redirect to the page. Wait for the status of the application to change from to .
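
The cumulative permission tiers and the automatic revocation at the end of the validity period can be modelled as below. This is an added example, not NineData code: the names Grant and required_tier and the mapping of SQL verbs to tiers are assumptions made for illustration; only the three tiers and the 1 to 10000 day range come from this page.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Cumulative tiers from the permission table: each tier includes those below it.
READ_ONLY, READ_DML, READ_DML_DDL = 1, 2, 3
UNCLASSIFIED = 4  # higher than any tier, so no grant ever covers it

# Assumed verb-to-tier mapping (hypothetical, not taken from the product).
READ = {"SELECT", "SHOW", "DESCRIBE", "DESC"}
DML = {"INSERT", "UPDATE", "DELETE", "MERGE", "REPLACE"}
DDL = {"CREATE", "ALTER", "DROP", "TRUNCATE", "RENAME"}

MIN_DAYS, MAX_DAYS = 1, 10000  # custom validity range stated on the page


def required_tier(statement: str) -> int:
    """Return the lowest tier that covers a single SQL statement."""
    # Strip comments first so a leading comment cannot hide the real verb.
    text = re.sub(r"/\*.*?\*/", " ", statement, flags=re.S)
    text = re.sub(r"--[^\n]*", " ", text)
    words = re.findall(r"[A-Za-z_]+", text.upper())
    if not words:
        raise ValueError("empty statement")
    verb = words[0]
    if verb in ("WITH", "EXPLAIN"):
        # A CTE or EXPLAIN ANALYZE can wrap a write: scan the whole statement
        # and take the highest tier any keyword implies (errs toward denial).
        rest = set(words[1:])
        if rest & DDL:
            return READ_DML_DDL
        return READ_DML if rest & DML else READ_ONLY
    if verb in READ:
        return READ_ONLY
    if verb in DML:
        return READ_DML
    if verb in DDL:
        return READ_DML_DDL
    return UNCLASSIFIED  # e.g. GRANT or CALL: deny rather than guess


@dataclass(frozen=True)
class Grant:
    tier: int
    approved_at: datetime
    valid_days: int

    def __post_init__(self):
        if not MIN_DAYS <= self.valid_days <= MAX_DAYS:
            raise ValueError("validity must be between 1 and 10000 days")

    def expires_at(self) -> datetime:
        return self.approved_at + timedelta(days=self.valid_days)

    def allows(self, statement: str, now: datetime) -> bool:
        if now >= self.expires_at():
            return False  # validity period over: permission is revoked
        return required_tier(statement) <= self.tier


if __name__ == "__main__":
    # Constructed sample: a 7-day read + DML grant approved on 2024-01-01.
    grant = Grant(READ_DML, datetime(2024, 1, 1), 7)
    for sql in ("SELECT * FROM orders", "DROP TABLE orders"):
        print(sql, "->", grant.allows(sql, datetime(2024, 1, 2)))
```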

Apply for Database Permissions

You can individually apply for permissions for a specific database within a target data source. Once the request is approved, you'll be able to perform corresponding operations on that database.

  1. Log in to the NineData Console.

  2. In the left navigation pane, click on > .

    tip

    If you can't find , make sure your console is in organization mode. To switch from personal mode to organization mode, please refer to Switch to Organization.

  3. On the page, click on the button in the upper right corner.

  4. On the page, configure the settings based on the table below and click .

    Parameter
    Description
    Select the type of permission you want to apply for. The currently supported types are:
    Select in this case.
    Select the data source where the target database resides.
    Select the database for which you want to apply for permission. For Oracle, this corresponds to a Schema. For PostgreSQL, you can also select a corresponding Schema. Leave it empty to apply for permissions for all Schemas in the target database.
    Select the required permission type. Different permission types can be applied based on the type of data source:
    MySQL
    • : Choose operational permissions for the target database.
      • : Perform read-only operations on the database.
      • + DML: Perform read-only and DML operations on the database.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the database.
    • : Choose whether to allow submitting SQL tasks for this database.
    • : Choose whether to allow submitting data export tasks for this database.
    • : Choose whether to allow submitting data import tasks for this database.
    SQL Server
    • : Choose operational permissions for the target database.
      • : Perform read-only operations on the database.
      • + DML: Perform read-only and DML operations on the database.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the database.
      • : Choose whether to allow data export tasks to be submitted for this database.
    • : Choose whether to allow submitting SQL tasks for this database.
    PostgreSQL|DWS|openGauss|GaussDB
    • : Choose operational permissions for the target database.
      • : Perform read-only operations on the database.
      • + DML: Perform read-only and DML operations on the database.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the database.
    • : Choose whether to allow submitting SQL tasks for this database.
    • : Choose whether to allow submitting data export tasks for this database.
    MongoDB
    • : Choose operational permissions for the target database.
      • : Perform read-only operations on the database.
      • + DML: Perform read-only and DML operations on the database.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the database.
    • : Choose whether to allow submitting SQL tasks for this database.
    Redis
    • : Choose operational permissions for the target database.
      • : Perform read-only operations on the database.
      • + DML: Perform read-only and DML operations on the database.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the database.
    • : Choose whether to allow submitting SQL tasks for this database.
    Doris|SelectDB
    • : Choose operational permissions for the target database.
      • : Perform read-only operations on the database.
      • + DML: Perform read-only and DML operations on the database.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the database.
    • : Choose whether to allow submitting SQL tasks for this database.
    Elasticsearch
    :
    • : Perform read-only operations on the database.
    • + DML: Perform read-only and DML operations on the database.
    • + DML + DDL: Perform read-only, DML, and DDL operations on the database.
    ClickHouse
    :
    • : Perform read-only operations on the database.
    • + DML: Perform read-only and DML operations on the database.
    • + DML + DDL: Perform read-only, DML, and DDL operations on the database.
    Oracle|OceanBase Oracle
    • : Choose operational permissions for the target database.
      • : Perform read-only operations on the database.
      • + DML: Perform read-only and DML operations on the database.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the database.
    • : Choose whether to allow submitting SQL tasks for this database.
    • : Choose whether to allow data export tasks to be submitted for this Schema.
    DB2
    • : Choose operational permissions for the target database.
      • : Perform read-only operations on the database.
      • + DML: Perform read-only and DML operations on the database.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the database.
    DaMeng
    • : Choose operational permissions for the target database.
      • : Perform read-only operations on the database.
      • + DML: Perform read-only and DML operations on the database.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the database.
    KingBase
    • : Choose operational permissions for the target database.
      • : Perform read-only operations on the database.
      • + DML: Perform read-only and DML operations on the database.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the database.
    • : Choose whether to allow submitting SQL tasks for this database.
    TiDB
    • : Choose operational permissions for the target database.
      • : Perform read-only operations on the database.
      • + DML: Perform read-only and DML operations on the database.
      • + DML + DDL: Perform read-only, DML, and DDL operations on the database.
    • : Choose whether to allow submitting SQL tasks for this database.
    Select the validity period of the permission. After the validity period expires, the permission will be automatically revoked. You can choose from the following options: , , , , , , , .
    allows you to input a custom number of days, within the range of 1 to 10000.
    Provide the reason for applying for permission.
    Based on the selected , there are three scenarios for :
    • Approval workflow not enabled: Displays , and permissions are automatically acquired after clicking .
    • Approval workflow enabled: Click on the approval person dropdown to select an approver. Only users configured as in will be shown in the list.
    • Enabling approval workflow and activating : the option will not be displayed.
    • Application not allowed: Displays , and you cannot submit an application. Please contact .
  5. After submitting the application, the page will automatically redirect to the page. Wait for the status of the application to change from to .

Apply for Table Permissions

You can apply for permissions for a specific table in the target database. Table permissions are primarily used for data querying operations. If any modifications to the table are required, it is recommended to apply for permissions at the database or data source level.

  1. Log in to the NineData Console.

  2. In the left navigation pane, click > .

    tip

    If you can't find , please make sure your console is in organization mode. To switch from personal mode to organization mode, see Switch to Organization.

  3. On the page, click at the top right corner.

  4. On the page, configure according to the table below and click .

    Parameter
    Description
    Choose the type of permission you want to apply for. Currently supported types include:
    Choose here.
    Select the data source where the table you want to apply for permissions is located.
    Click to select the table you want to apply for permissions, then click .
    Choose the type of permission you want to apply for. Available types include:
    • : Choose operation permissions for the target database.
      • : Read-only operations on the database.
      • + DML: Read-only operations and DML operations on the database.
      • + DML + DDL: Read-only operations, DML operations, and DDL operations on the database.
    • : Choose whether to allow submission of data export tasks for this database.
    Choose the validity period of the permission. The permission will be automatically revoked after the expiration. Available options are , , , , , , , .
    allows you to input the number of days you want to apply for, within the range of 1 to 10000.
    Input the reason for applying for permissions.
    Based on the associated with , there are four situations:
    • Approval process not enabled: Display , click to automatically obtain permissions for this database.
    • Approval process enabled: Click the dropdown to select an approver. Only users configured in with role will be displayed in the list.
    • Approval process enabled with enabled: The option is not displayed.
    • Application not allowed: Display , you cannot submit an application. Please contact .
  5. After submitting the application, the page will automatically redirect to the page. Wait for the application status to change from to .

Applying for Sensitive Column Permissions

When data in a data source contains sensitive columns that cannot be directly viewed, you can apply for sensitive column permissions. Once your application is approved, you will be able to view sensitive columns within the target data source that you have permission to access.

  1. Log in to the NineData Console.

  2. In the left navigation bar, click on > .

    tip

    If you can't find , please ensure that your console is in organization mode. For instructions on switching from personal mode to organization mode, refer to Switching to Organization Mode.

  3. On the page, click on the button in the upper-right corner.

  4. On the page, configure the parameters according to the table below and click .

    Parameter
    Description
    Choose the type of permission you want to apply for. The following types are currently supported:
    Select here.
    Select the data source containing the sensitive columns you want to apply to view.
    Note: If the selected does not have an associated approval process, you cannot apply for sensitive column permissions. Contact to configure it and reapply.
    Add the sensitive columns you want to apply to view. Steps:
    1. Click to search for the sensitive columns you want to view. You can quickly locate the target sensitive columns by filtering by database, table, or directly searching for column names.
    2. On the list of sensitive columns, select the checkboxes next to the target sensitive columns, and click at the bottom-right of the page.
    Select the sensitive column permission types to apply for:
    • -: View permissions for sensitive columns in the SQL window.
    • -: Export permissions for sensitive columns in data exports.
    Choose the validity period of the permission. After the validity period expires, the permission will be automatically revoked. You can choose from options like , , , , , , , .
    allows you to input a custom number of days, within the range of 1 to 10000.
    Enter the reason for applying for permission.
    Based on the associated with the selected , the following three scenarios can occur:
    • Approval process not enabled: Displays , clicking automatically grants you permission to view the sensitive columns.
    • Approval process enabled: Click the dropdown list of approvers to select an approver. The list only displays users configured in with the role .
    • Enabling approval workflow and activating : the option will not be displayed.
    • Not allowed to apply: Displays , indicating you cannot submit the application. Contact for assistance.
  5. After submitting the application, the page will automatically redirect to the page. Wait for the status of the work order to change from to .

Viewing or Managing Work Orders

You can view all the work orders you've submitted, those awaiting your approval, and all the work orders within your organization. Additionally, you can manage the work orders you've submitted and those awaiting your approval.

  1. Log in to the NineData Console.

  2. In the left navigation bar, click on > .

    tip

    If you can't find , please ensure that your console is in organization mode. For instructions on switching from personal mode to organization mode, refer to Switching to Organization Mode.

    Viewing Work Orders

    1. The tab will automatically display all the work orders you've submitted.
    2. Click on the tab to view all work orders awaiting your approval.
    3. Click on the tab to view all work orders within the current organization.

    Managing Work Orders

    Click on the work order ID or the column on the right to open the details page of the work order. The details page contains the , , , and . Depending on your role as the submitter or approver of the work order and the status of the work order, you can perform the following actions:

    • : Transfer the work order to another user for approval (visible when the work order status is and you are the submitter or approver of the work order). After clicking , you need to select the and click .
    • : Reject the work order application (visible when the work order status is and you are the approver of the work order). After clicking , you need to input the reason for rejection and click .
    • : Approve the work order application (visible when the work order status is and you are the approver of the work order). After clicking , you can input the approval reason and click .
    • : Withdraw the work order application (visible when the work order status is and you are the submitter of the work order). After clicking , you need to click in the confirmation box that appears. Please note that this action cannot be undone, so proceed with caution.
    • : Delete the work order (visible when the work order status is and you are the submitter of the work order). After clicking , you need to click in the confirmation box that appears. Please note that the delete action cannot be undone, so proceed with caution.