Skip to main content

Request and approve permissions

NineData uses permission requests and approval workflows to control organization-level data access. Users can request access to data sources, databases, tables, or sensitive columns. Approvers can then review, approve, reject, transfer, withdraw, or delete requests based on their role and request status.

Use this guide to submit permission requests and manage the resulting requests.

Before you begin

  • You have created or joined an organization, and this organization has subscribed to either DevOps Pro or DevOps Enterprise. Please ensure that your annual or monthly subscription is still active. For more information, please refer to Manage Organizations.
  • Your current account has switched to the target organization. For more information, please refer to Switching to an Organization.

Procedure

Follow the section that matches the permission scope you need.

Request data source permissions

Request data source permissions when a data source exists in the organization but is not currently available to your account. After the request is approved, use the access allowed by the approved permission type.

  1. Sign in to the NineData Console.

  2. Open Account > Access Application.

    tip

    If Account is not displayed, make sure your console is in organization mode. To switch from personal mode to organization mode, see Switch to organization.

  3. On the Access Application page, click Apply for Permission.

  4. On the Apply Permission page, configure the parameters and click Submit.

    Parameter
    Description
    Apply TypeSelect the type of permission you want to apply for. The currently supported types are:
    • Datasource
    • Database
    • Tables
    • Sensitive Column
    Select Datasource in this case.
    DatasourceSelect the data source for which you want to apply for permission.
    Authorization TypeChoose the permission type to request. Depending on the type of data source, different permission types are available. See the console page for accurate information:
    • SQL Console: Choose operational permissions for the target data source.
      • Read-only: Perform read-only operations on the data source.
      • DML: Perform DML operations on the data source.
      • DDL: Perform DDL operations on the data source.
    • SQL Task: Choose whether to allow submitting SQL tasks for this data source.
    • Data Export: Choose whether to allow submitting data export tasks for this database.
    • Data Import: Choose whether to allow submitting data import tasks for this database.
    • Archive & Clean: Select whether to allow data archiving tasks to be submitted for this database.
    • Data Tracking and Rollback: Specify whether data tracking and rollback tasks are allowed for this database.
    Expire DaysSelect how long the permission remains valid. After the validity period expires, NineData revokes the permission. Available options are 7 Days, 30 Days, 60 Days, 90 Days, 6 Months, 1 Year, 3 Years, and Customized.
    Customized lets you enter a custom number of days from 1 to 10000.
    Application ReasonProvide the reason for applying for permission.
    Approval ProcessThe available behavior depends on the selected Datasource and Approval Process configuration:
    • Approval workflow not enabled: NineData displays According to the policy, the approval process is not enabled for the current data source, so the submission will be automatically approved upon submission.. After you click Submit, NineData grants the permission.
    • Approval workflow enabled: Select an approver from the approver dropdown. The list shows only users configured as Administrator in Approval Process.
    • Approval workflow enabled with Not Specifying Approvers: The Approval Process option is not displayed.
    • Application not allowed: NineData displays According to the policy, the data source does not allow submitting an application.. Submission is unavailable. Contact Administrator.
  5. After you submit the application, NineData opens the Details page. Wait until the application status changes from Pending to Approved.

Request database permissions

Request database permissions when access is required for a specific database under a data source. After the request is approved, use the access allowed by the approved permission type.

  1. Sign in to the NineData Console.

  2. Open Account > Access Application.

    tip

    If Account is not displayed, make sure your console is in organization mode. To switch from personal mode to organization mode, see Switch to organization.

  3. On the Access Application page, click Apply for Permission.

  4. On the Apply Permission page, configure the parameters and click Submit.

    Parameter
    Description
    Apply TypeSelect the type of permission you want to apply for. The currently supported types are:
    • Datasource
    • Database
    • Tables
    • Sensitive Column
    Select Database in this case.
    DatasourceSelect the data source where the target database resides.
    DatabaseSelect the database for which you want to apply for permission. For Oracle, this corresponds to a Schema. For PostgreSQL, select the corresponding Schema if needed. Leave it empty to apply for permissions for all Schemas in the target database.
    Authorization TypeChoose the permission type to request. Depending on the type of data source, different permission types are available. See the console page for accurate information:
    • SQL Console: Choose operational permissions for the target data source.
      • Read-only: Perform read-only operations on the data source.
      • Read-only + DML: Perform read-only and DML operations on the data source.
      • Read-only + DML + DDL: Perform read-only, DML, and DDL operations on the data source.
    • SQL Task: Choose whether to allow submitting SQL tasks for this data source.
    • Data Export: Choose whether to allow submitting data export tasks for this database.
    • Data Import: Choose whether to allow submitting data import tasks for this database.
    • Archive & Clean: Select whether to allow data archiving tasks to be submitted for this database.
    • Data Tracking and Rollback: Specify whether data tracking and rollback tasks are allowed for this database.
    Expire DaysSelect how long the permission remains valid. After the validity period expires, NineData revokes the permission. Available options are 7 Days, 30 Days, 60 Days, 90 Days, 6 Months, 1 Year, 3 Years, and Customized.
    Customized lets you enter a custom number of days from 1 to 10000.
    Application ReasonProvide the reason for applying for permission.
    Approval ProcessThe available behavior depends on the selected Datasource and Approval Process configuration:
    • Approval workflow not enabled: NineData displays According to the policy, the approval process is not enabled for the current data source, so the submission will be automatically approved upon submission.. After you click Submit, NineData grants the permission.
    • Approval workflow enabled: Select an approver from the approver dropdown. The list shows only users configured as Administrator in Approval Process.
    • Approval workflow enabled with Not Specifying Approvers: The Approval Process option is not displayed.
    • Application not allowed: NineData displays According to the policy, the data source does not allow submitting an application.. Submission is unavailable. Contact Administrator.
  5. After you submit the application, NineData opens the Details page. Wait until the application status changes from Pending to Approved.

Request table permissions

Request table permissions when access is required only for specific tables. Table permissions are primarily used for queries. To modify table data or structures, request database-level or data-source-level permissions instead.

  1. Sign in to the NineData Console.

  2. Open Account > Access Application.

    tip

    If Account is not displayed, make sure your console is in organization mode. To switch from personal mode to organization mode, see Switch to organization.

  3. On the Access Application page, click Apply for Permission in the page header.

  4. On the Apply Permission page, configure the settings in the table and click Submit.

    ParameterDescription
    Apply TypeChoose the type of permission you want to apply for. Currently supported types include:
    • Datasource
    • Database
    • Tables
    • Sensitive Column
    Choose Tables here.
    DatasourceSelect the data source where the table you want to apply for permissions is located.
    TablesClick Add to select the table you want to apply for permissions, then click OK.
    Authorization TypeChoose the type of permission you want to apply for. Available types include:
    • SQL Console: Choose operation permissions for the target table.
      • Read-only: Read-only operations on the table.
      • Read-only + DML: Read-only operations and DML operations on the table.
      • Read-only + DML + DDL: Read-only operations, DML operations, and DDL operations on the table.
    • Data Export: Choose whether to allow submission of data export tasks for this table.
    Expire DaysSelect how long the permission remains valid. NineData revokes the permission after it expires. Available options are 7 Days, 30 Days, 60 Days, 90 Days, 6 Months, 1 Year, 3 Years, and Customized.
    Customized lets you enter a custom number of days from 1 to 10000.
    Application ReasonEnter the reason for the permission request.
    Approval ProcessThe behavior depends on Approval Process associated with Datasource:
    • Approval process not enabled: NineData displays According to the policy, the approval process is not enabled for the current data source, so the submission will be automatically approved upon submission.. After you click Submit, NineData grants the permission.
    • Approval process enabled: Select an approver from the dropdown. The list shows only users configured in Approval Process with the Administrator role.
    • Approval process enabled with Not Specifying Approvers: The Approval Process option is not displayed.
    • Application not allowed: NineData displays According to the policy, the data source does not allow submitting an application.. Submission is unavailable. Contact Administrator.
  5. After you submit the application, NineData opens the Details page. Wait until the application status changes from Pending to Approved.

Request sensitive column permissions

Request sensitive column permissions when masked or protected columns must be viewed in plaintext. After approval, view the approved sensitive columns within the target data source scope.

  1. Sign in to the NineData Console.

  2. Open Account > Access Application.

    tip

    If Account is not displayed, make sure your console is in organization mode. To switch from personal mode to organization mode, see Switch to organization.

  3. On the Access Application page, click Apply for Permission in the page header.

  4. On the Apply Permission page, configure the parameters in the table and click Submit.

    Parameter
    Description
    Apply TypeChoose the type of permission you want to apply for. Supported types include:
    • Datasource
    • Database
    • Tables
    • Sensitive Column
    Select Sensitive Column here.
    DatasourceSelect the data source containing the sensitive columns to view.
    Note: If the selected Datasource does not have an associated approval process, sensitive column permission requests are unavailable. Contact Administrator to configure it and reapply.
    Sensitive ColumnAdd the sensitive columns to view. Steps:
    1. Click Add to search for the sensitive columns. Locate target sensitive columns by filtering by database or table, or by searching for column names directly.
    2. On the list of sensitive columns, select the checkboxes next to the target sensitive columns, and click OK at the bottom-right of the page.
    Authorization TypeSelect the sensitive column permission types to apply for:
    • SQL Console-Login with Admin Account: View permissions for sensitive columns in the SQL Console.
    • Data Export-Plain Text Export: Export permissions for sensitive columns in data exports.
    Expire DaysSelect how long the permission remains valid. NineData revokes the permission after it expires. Available options include 7 Days, 30 Days, 60 Days, 90 Days, 6 Months, 1 Year, 3 Years, and Customized.
    Customized lets you enter a custom number of days from 1 to 10000.
    Application ReasonEnter the reason for applying for permission.
    Approval ProcessThe behavior depends on Approval Process associated with the selected Datasource:
    • Approval process not enabled: NineData displays According to the policy, the approval process is not enabled for the current data source, so the submission will be automatically approved upon submission.. After you click Submit, NineData grants the sensitive-column permission.
    • Approval process enabled: Select an approver from the dropdown. The list shows only users configured in Approval Process with the Administrator role.
    • Approval workflow enabled with Not Specifying Approvers: The Approval Process option is not displayed.
    • Application not allowed: NineData displays According to the policy, the data source does not allow submitting an application.. Submission is unavailable. Contact Administrator.
  5. After you submit the application, NineData opens the Details page. Wait until the request status changes from Pending to Approved.

View or manage requests

Use the request list to review requests you submitted, requests awaiting your approval, and all requests in the current organization. Available actions depend on your role and request status.

  1. Sign in to the NineData Console.

  2. Open Account > Access Application.

    tip

    If Account is not displayed, make sure your console is in organization mode. To switch from personal mode to organization mode, see Switch to organization.

View requests

  1. The My Submit tab displays all requests you submitted.
  2. Click the Wait for My Aprv tab to view requests awaiting your approval.
  3. Click the All tab to view requests in the current organization.

Manage requests

Click the request ID or the Actions column to open the request details page. The details page contains Application ID, Details, Approve Process, and Activity History. Available actions depend on your role and request status:

  • Transfer: Transfer the request to another approver. This action is visible when the request status is Pending and you are the submitter or approver. After you click Transfer, select Approver and click OK.
  • Rejected: Reject the request. This action is visible when the request status is Pending and you are the approver. After you click Rejected, enter the rejection reason and click Rejected.
  • Approved: Approve the request. This action is visible when the request status is Pending and you are the approver. After you click Approved, enter the approval reason and click Approved.
  • Withdraw: Withdraw the request. This action is visible when the request status is Pending and you are the submitter. After you click Withdraw, click Withdraw in the confirmation dialog. This action cannot be undone.
  • Delete: Delete the request. This action is visible when the request status is Pending and you are the submitter. After you click Delete, click Delete in the confirmation dialog. This action cannot be undone.

Result

Submitted permission requests enter the approval workflow. After approval, the requested data source, database, table, or sensitive column permissions become available to the requester.