Skip to main content

Permission Application and Approval

NineData supports data security control within organizations and provides corresponding approval workflows. You can apply for permissions or approve permission requests submitted by other users.

Prerequisites

  • You have created or joined an organization, and this organization has subscribed to either DevOps Pro or DevOps Enterprise. Please ensure that your annual or monthly subscription is still active. For more information, please refer to Manage Organizations.
  • Your current account has switched to the target organization. For more information, please refer to Switching to an Organization.

Apply for Data Source Permissions

For data sources in the organization that you don't have permissions to view, you can submit a request to apply for permissions. Once the request is approved, you'll be able to perform corresponding operations on that data source.

  1. Log in to the NineData Console.

  2. In the left navigation pane, click on Account > Access Application.

    tip

    If you can't find Account, make sure your console is in organization mode. To switch from personal mode to organization mode, please refer to Switch to Organization.

  3. On the Access Application page, click on the Apply for Permission button in the upper right corner.

  4. On the Apply Permission page, configure the settings based on the table below and click Submit.

    Parameter
    		Description
    Apply TypeSelect the type of permission you want to apply for. The currently supported types are:
    • Datasource
    • Database
    • Tables
    • Sensitive Column
    Select Datasource in this case.
    DatasourceSelect the data source for which you want to apply for permission.
    Authorization TypeChoose the type of permissions you need to apply for. Depending on the type of data source, different permission types are available. Please refer to the console page for accurate information:
    • SQL Console: Choose operational permissions for the target data source.
      • Read-only: Perform read-only operations on the data source.
      • DML: Perform DML operations on the data source.
      • DDL: Perform DDL operations on the data source.
    • SQL Task: Choose whether to allow submitting SQL tasks for this data source.
    • Data Export: Choose whether to allow submitting data export tasks for this database.
    • Data Import: Choose whether to allow submitting data import tasks for this database.
    • Archive & Clean: Select whether to allow data archiving tasks to be submitted for this database.
    • Data Tracking and Rollback: Specify whether data tracking and rollback tasks are allowed for this database.
    Expire DaysSelect the validity period of the permission. After the validity period expires, the permission will be automatically revoked. You can choose from the following options: 7 Days, 30 Days, 60 Days, 90 Days, 6 Months, 1 Year, 3 Years, Customized.
    Customized allows you to input a custom number of days, within the range of 1 to 10000.
    Application ReasonProvide the reason for applying for permission.
    Approval ProcessBased on the selected Datasource, there are four scenarios for Approval Process:
    • Approval workflow not enabled: Displays According to the policy, the approval process is not enabled for the current data source, so the submission will be automatically approved upon submission., and permissions are automatically acquired after clicking Submit.
    • Approval workflow enabled: Click on the approval person dropdown to select an approver. Only users configured as Administrator in Approval Process will be shown in the list.
    • Enabling approval workflow and activating Not Specifying Approvers: the Approval Process option will not be displayed.
    • Application not allowed: Displays According to the policy, the data source does not allow submitting an application., and you cannot submit an application. Please contact Administrator.

  5. After submitting the application, the page will automatically redirect to the Details page. Wait for the status of the application to change from Pending to Approved.

Apply for Database Permissions

You can individually apply for permissions for a specific database within a target data source. Once the request is approved, you'll be able to perform corresponding operations on that database.

  1. Log in to the NineData Console.

  2. In the left navigation pane, click on Account > Access Application.

    tip

    If you can't find Account, make sure your console is in organization mode. To switch from personal mode to organization mode, please refer to Switch to Organization.

  3. On the Access Application page, click on the Apply for Permission button in the upper right corner.

  4. On the Apply Permission page, configure the settings based on the table below and click Submit.

    Parameter
    		Description
    Apply TypeSelect the type of permission you want to apply for. The currently supported types are:
    • Datasource
    • Database
    • Tables
    • Sensitive Column
    Select Database in this case.
    DatasourceSelect the data source where the target database resides.
    DatabaseSelect the database for which you want to apply for permission. For Oracle, this corresponds to a Schema. For PostgreSQL, you can also select a corresponding Schema. Leave it empty to apply for permissions for all Schemas in the target database.
    Authorization TypeChoose the type of permissions you need to apply for. Depending on the type of data source, different permission types are available. Please refer to the console page for accurate information:
    • SQL Console: Choose operational permissions for the target data source.
      • Read-only: Perform read-only operations on the data source.
      • Read-only + DML: Perform read-only and DML operations on the data source.
      • Read-only + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    • SQL Task: Choose whether to allow submitting SQL tasks for this data source.
    • Data Export: Choose whether to allow submitting data export tasks for this database.
    • Data Import: Choose whether to allow submitting data import tasks for this database.
    • Archive & Clean: Select whether to allow data archiving tasks to be submitted for this database.
    • Data Tracking and Rollback: Specify whether data tracking and rollback tasks are allowed for this database.
    Expire DaysSelect the validity period of the permission. After the validity period expires, the permission will be automatically revoked. You can choose from the following options: 7 Days, 30 Days, 60 Days, 90 Days, 6 Months, 1 Year, 3 Years, Customized.
    Customized allows you to input a custom number of days, within the range of 1 to 10000.
    Application ReasonProvide the reason for applying for permission.
    Approval ProcessBased on the selected Datasource, there are three scenarios for Approval Process:
    • Approval workflow not enabled: Displays According to the policy, the approval process is not enabled for the current data source, so the submission will be automatically approved upon submission., and permissions are automatically acquired after clicking Submit.
    • Approval workflow enabled: Click on the approval person dropdown to select an approver. Only users configured as Administrator in Approval Process will be shown in the list.
    • Enabling approval workflow and activating Not Specifying Approvers: the Approval Process option will not be displayed.
    • Application not allowed: Displays According to the policy, the data source does not allow submitting an application., and you cannot submit an application. Please contact Administrator.

  5. After submitting the application, the page will automatically redirect to the Details page. Wait for the status of the application to change from Pending to Approved.

Apply Table Permissions

You can apply for permissions for a specific table in the target database. Table permissions are primarily used for data querying operations. If any modifications to the table are required, it is recommended to apply for permissions at the database or data source level.

  1. Log in to the NineData Console.

  2. In the left navigation pane, click Account > Access Application.

    tip

    If you can't find Account, please make sure your console is in organization mode. To switch from personal mode to organization mode, see Switch to Organization.

  3. On the Access Application page, click Apply for Permission at the top right corner.

  4. On the Apply Permission page, configure according to the table below and click Submit.

    ParameterDescription
    Apply TypeChoose the type of permission you want to apply for. Currently supported types include:
    • Datasource
    • Database
    • Tables
    • Sensitive Column
    Choose Tables here.
    DatasourceSelect the data source where the table you want to apply for permissions is located.
    TablesClick Add to select the table you want to apply for permissions, then click OK.
    Authorization TypeChoose the type of permission you want to apply for. Available types include:
    • SQL Console: Choose operation permissions for the target table.
      • Read-only: Read-only operations on the table.
      • Read-only + DML: Read-only operations and DML operations on the table.
      • Read-only + DML + DDL: Read-only operations, DML operations, and DDL operations on the table.
    • Data Export: Choose whether to allow submission of data export tasks for this table.
    Expire DaysChoose the validity period of the permission. The permission will be automatically revoked after the expiration. Available options are 7 Days, 30 Days, 60 Days, 90 Days, 6 Months, 1 Year, 3 Years, Customized.
    Customized allows you to input the number of days you want to apply for, within the range of 1~10000.
    Application ReasonInput the reason for applying for permissions.
    Approval ProcessBased on the Approval Process associated with Datasource, there are four situations:
    • Approval process not enabled: Display According to the policy, the approval process is not enabled for the current data source, so the submission will be automatically approved upon submission., click Submit to automatically obtain permissions for this database.
    • Approval process enabled: Click the dropdown to select an approver. Only users configured in Approval Process with Administrator role will be displayed in the list.
    • Approval process enabled with Not Specifying Approvers enabled: The Approval Process option is not displayed.
    • Application not allowed: Display According to the policy, the data source does not allow submitting an application., you cannot submit an application. Please contact Administrator.

  5. After submitting the application, the page will automatically redirect to the Details page. Wait for the application status to change from Pending to Approved.

Applying for Sensitive Column Permissions

When data in a data source contains sensitive columns that cannot be directly viewed, you can apply for sensitive column permissions. Once your application is approved, you will be able to view sensitive columns within the target data source that you have permission to access.

  1. Log in to the NineData Console.

  2. In the left navigation bar, click on Account > Access Application.

    tip

    If you can't find Account, please ensure that your console is in organization mode. For instructions on switching from personal mode to organization mode, refer to Switching to Organization Mode.

  3. On the Access Application page, click on the Apply for Permission button in the upper-right corner.

  4. On the Apply Permission page, configure the parameters according to the table below and click Submit.

    Parameter
    		Description
    Apply TypeChoose the type of permission you want to apply for. The following types are currently supported:
    • Datasource
    • Database
    • Tables
    • Sensitive Column
    Select Sensitive Column here.
    DatasourceSelect the data source containing the sensitive columns you want to apply to view.
    Note: If the selected Datasource does not have an associated approval process, you cannot apply for sensitive column permissions. Contact Administrator to configure it and reapply.
    Sensitive ColumnAdd the sensitive columns you want to apply to view. Steps:
    1. Click Add to search for the sensitive columns you want to view. You can quickly locate the target sensitive columns by filtering by database, table, or directly searching for column names.
    2. On the list of sensitive columns, select the checkboxes next to the target sensitive columns, and click OK at the bottom-right of the page.
    Authorization TypeSelect the sensitive column permission types to apply for:
    • SQL Console-Login with Admin Account: View permissions for sensitive columns in the SQL Console.
    • Data Export-Enter Baidu Cloud Admin Password: Export permissions for sensitive columns in data exports.
    Expire DaysChoose the validity period of the permission. After the validity period expires, the permission will be automatically revoked. You can choose from options like 7 Days, 30 Days, 60 Days, 90 Days, 6 Months, 1 Year, 3 Years, Customized.
    Customized allows you to input a custom number of days within the range of 1~10000.
    Application ReasonEnter the reason for applying for permission.
    Approval ProcessBased on the Approval Process associated with the selected Datasource, the following four scenarios can occur:
    • Approval process not enabled: Displays According to the policy, the approval process is not enabled for the current data source, so the submission will be automatically approved upon submission., clicking Submit automatically grants you permission to view the sensitive columns.
    • Approval process enabled: Click the dropdown list of approvers to select an approver. The list only displays users configured in Approval Process with the role Administrator.
    • Enabling approval workflow and activating Not Specifying Approvers: the Approval Process option will not be displayed.
    • Not allowed to apply: Displays According to the policy, the data source does not allow submitting an application., indicating you cannot submit the application. Contact Administrator for assistance.

  5. After submitting the application, the page will automatically redirect to the Details page. Wait for the status of the work order to change from Pending to Approved.

Viewing or Managing Work Orders

You can view all the work orders you've submitted, those awaiting your approval, and all the work orders within your organization. Additionally, you can manage the work orders you've submitted and those awaiting your submission.

  1. Log in to the NineData Console.

  2. In the left navigation bar, click on Account > Access Application.

    tip

    If you can't find Account, please ensure that your console is in organization mode. For instructions on switching from personal mode to organization mode, refer to Switching to Organization Mode.

    Viewing Work Orders

    1. The My Submit tab will automatically display all the work orders you've submitted.
    2. Click on the Wait for My Aprv tab to view all work orders awaiting your approval.
    3. Click on the All tab to view all work orders within the current organization.

    Managing Work Orders

    Click on the work order ID or the Actions column on the right to open the details page of the work order. The details page contains the Application ID, Details, Approve Process, and Activity History. Depending on your role as the submitter or approver of the work order and the status of the work order, you can perform the following actions:

    • Transfer: Transfer the work order to another user for approval (visible when the work order status is Pending and you are the submitter or approver of the work order). After clicking Transfer, you need to select the Approver and click OK.
    • Rejected: Reject the work order application (visible when the work order status is Pending and you are the approver of the work order). After clicking Rejected, you need to input the reason for rejection and click Rejected.
    • Approved: Approve the work order application (visible when the work order status is Pending and you are the approver of the work order). After clicking Approved, you can input the approval reason and click Approved.
    • Withdraw: Withdraw the work order application (visible when the work order status is Pending and you are the submitter of the work order). After clicking Withdraw, you need to click Withdraw in the confirmation box that appears. Please note that the undo action cannot be undone, so proceed with caution.
    • Delete: Delete the work order (visible when the work order status is Pending and you are the submitter of the work order). After clicking Delete, you need to click Delete in the confirmation box that appears. Please note that the delete action cannot be undone, so proceed with caution.