Permission Application and Approval
NineData supports data security control within organizations and provides corresponding approval workflows. You can apply for permissions or approve permission requests submitted by other users.
Prerequisites
- You have created or joined an organization, and this organization has subscribed to either or . Please ensure that your annual or monthly subscription is still active. For more information, please refer to Manage Organizations.
- Your current account has switched to the target organization. For more information, please refer to Switching to an Organization.
Apply for Data Source Permissions
For data sources in the organization that you don't have permissions to view, you can submit a request to apply for permissions. Once the request is approved, you'll be able to perform corresponding operations on that data source.
Log in to the NineData Console.
In the left navigation pane, click on > .
tipIf you can't find , make sure your console is in organization mode. To switch from personal mode to organization mode, please refer to Switch to Organization.
On the page, click on the button in the upper right corner.
On the page, configure the settings based on the table below and click .
Parameter Description Select the type of permission you want to apply for. The currently supported types are: Select the data source for which you want to apply for permission. Choose the type of permissions you need to apply for. Depending on the type of data source, different permission types are available. Please refer to the console page for accurate information: - : Choose operational permissions for the target data source.
- : Perform read-only operations on the data source.
- + DML: Perform read-only and DML operations on the data source.
- + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
- : Choose whether to allow submitting SQL tasks for this data source.
- : Choose whether to allow submitting data export tasks for this database.
- : Choose whether to allow submitting data import tasks for this database.
- : Select whether to allow data archiving tasks to be submitted for this database.
- : Specify whether data tracking and rollback tasks are allowed for this database.
Select the validity period of the permission. After the validity period expires, the permission will be automatically revoked. You can choose from the following options: , , , , , , , .
allows you to input a custom number of days, within the range of 1 to 10000.Provide the reason for applying for permission. Based on the selected , there are four scenarios for : - Approval workflow not enabled: Displays , and permissions are automatically acquired after clicking .
- Approval workflow enabled: Click on the approval person dropdown to select an approver. Only users configured as in will be shown in the list.
- Enabling approval workflow and activating : the option will not be displayed.
- Application not allowed: Displays , and you cannot submit an application. Please contact .
After submitting the application, the page will automatically redirect to the page. Wait for the status of the application to change from to .
Apply for Database Permissions
You can individually apply for permissions for a specific database within a target data source. Once the request is approved, you'll be able to perform corresponding operations on that database.
Log in to the NineData Console.
In the left navigation pane, click on > .
tipIf you can't find , make sure your console is in organization mode. To switch from personal mode to organization mode, please refer to Switch to Organization.
On the page, click on the button in the upper right corner.
On the page, configure the settings based on the table below and click .
Parameter Description Select the type of permission you want to apply for. The currently supported types are: Select the data source where the target database resides. Select the database for which you want to apply for permission. For Oracle, this corresponds to a Schema. For PostgreSQL, you can also select a corresponding Schema. Leave it empty to apply for permissions for all Schemas in the target database. Choose the type of permissions you need to apply for. Depending on the type of data source, different permission types are available. Please refer to the console page for accurate information: - : Choose operational permissions for the target data source.
- : Perform read-only operations on the data source.
- + DML: Perform read-only and DML operations on the data source.
- + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
- : Choose whether to allow submitting SQL tasks for this data source.
- : Choose whether to allow submitting data export tasks for this database.
- : Choose whether to allow submitting data import tasks for this database.
- : Select whether to allow data archiving tasks to be submitted for this database.
- : Specify whether data tracking and rollback tasks are allowed for this database.
Select the validity period of the permission. After the validity period expires, the permission will be automatically revoked. You can choose from the following options: , , , , , , , .
allows you to input a custom number of days, within the range of 1 to 10000.Provide the reason for applying for permission. Based on the selected , there are three scenarios for : - Approval workflow not enabled: Displays , and permissions are automatically acquired after clicking .
- Approval workflow enabled: Click on the approval person dropdown to select an approver. Only users configured as in will be shown in the list.
- Enabling approval workflow and activating : the option will not be displayed.
- Application not allowed: Displays , and you cannot submit an application. Please contact .
After submitting the application, the page will automatically redirect to the page. Wait for the status of the application to change from to .
Apply Table Permissions
You can apply for permissions for a specific table in the target database. Table permissions are primarily used for data querying operations. If any modifications to the table are required, it is recommended to apply for permissions at the database or data source level.
Log in to the NineData Console.
In the left navigation pane, click > .
tipIf you can't find , please make sure your console is in organization mode. To switch from personal mode to organization mode, see Switch to Organization.
On the page, click at the top right corner.
On the page, configure according to the table below and click .
Parameter Description Choose the type of permission you want to apply for. Currently supported types include: Select the data source where the table you want to apply for permissions is located. Click to select the table you want to apply for permissions, then click . Choose the type of permission you want to apply for. Available types include: - : Choose operation permissions for the target table.
- : Read-only operations on the table.
- + DML: Read-only operations and DML operations on the table.
- + DML + DDL: Read-only operations, DML operations, and DDL operations on the table.
- : Choose whether to allow submission of data export tasks for this table.
Choose the validity period of the permission. The permission will be automatically revoked after the expiration. Available options are , , , , , , , .
allows you to input the number of days you want to apply for, within the range of 1~10000.Input the reason for applying for permissions. Based on the associated with , there are four situations: - Approval process not enabled: Display , click to automatically obtain permissions for this database.
- Approval process enabled: Click the dropdown to select an approver. Only users configured in with role will be displayed in the list.
- Approval process enabled with enabled: The option is not displayed.
- Application not allowed: Display , you cannot submit an application. Please contact .
After submitting the application, the page will automatically redirect to the page. Wait for the application status to change from to .
Applying for Sensitive Column Permissions
When data in a data source contains sensitive columns that cannot be directly viewed, you can apply for sensitive column permissions. Once your application is approved, you will be able to view sensitive columns within the target data source that you have permission to access.
Log in to the NineData Console.
In the left navigation bar, click on > .
tipIf you can't find , please ensure that your console is in organization mode. For instructions on switching from personal mode to organization mode, refer to Switching to Organization Mode.
On the page, click on the button in the upper-right corner.
On the page, configure the parameters according to the table below and click .
Parameter Description Choose the type of permission you want to apply for. The following types are currently supported: Select the data source containing the sensitive columns you want to apply to view.
Note: If the selected does not have an associated approval process, you cannot apply for sensitive column permissions. Contact to configure it and reapply.Add the sensitive columns you want to apply to view. Steps:
1. Click to search for the sensitive columns you want to view. You can quickly locate the target sensitive columns by filtering by database, table, or directly searching for column names.
2. On the list of sensitive columns, select the checkboxes next to the target sensitive columns, and click at the bottom-right of the page.Select the sensitive column permission types to apply for: - -: View permissions for sensitive columns in the SQL Console.
- -: Export permissions for sensitive columns in data exports.
Choose the validity period of the permission. After the validity period expires, the permission will be automatically revoked. You can choose from options like , , , , , , , .
allows you to input a custom number of days within the range of 1~10000.Enter the reason for applying for permission. Based on the associated with the selected , the following four scenarios can occur: - Approval process not enabled: Displays , clicking automatically grants you permission to view the sensitive columns.
- Approval process enabled: Click the dropdown list of approvers to select an approver. The list only displays users configured in with the role .
- Enabling approval workflow and activating : the option will not be displayed.
- Not allowed to apply: Displays , indicating you cannot submit the application. Contact for assistance.
After submitting the application, the page will automatically redirect to the page. Wait for the status of the work order to change from to .
Viewing or Managing Work Orders
You can view all the work orders you've submitted, those awaiting your approval, and all the work orders within your organization. Additionally, you can manage the work orders you've submitted and those awaiting your submission.
Log in to the NineData Console.
In the left navigation bar, click on > .
tipIf you can't find , please ensure that your console is in organization mode. For instructions on switching from personal mode to organization mode, refer to Switching to Organization Mode.
Viewing Work Orders
- The tab will automatically display all the work orders you've submitted.
- Click on the tab to view all work orders awaiting your approval.
- Click on the tab to view all work orders within the current organization.
Managing Work Orders
Click on the work order ID or the column on the right to open the details page of the work order. The details page contains the , , , and . Depending on your role as the submitter or approver of the work order and the status of the work order, you can perform the following actions:
- : Transfer the work order to another user for approval (visible when the work order status is and you are the submitter or approver of the work order). After clicking , you need to select the and click .
- : Reject the work order application (visible when the work order status is and you are the approver of the work order). After clicking , you need to input the reason for rejection and click .
- : Approve the work order application (visible when the work order status is and you are the approver of the work order). After clicking , you can input the approval reason and click .
- : Withdraw the work order application (visible when the work order status is and you are the submitter of the work order). After clicking , you need to click in the confirmation box that appears. Please note that the undo action cannot be undone, so proceed with caution.
- : Delete the work order (visible when the work order status is and you are the submitter of the work order). After clicking , you need to click in the confirmation box that appears. Please note that the delete action cannot be undone, so proceed with caution.