Permissions for roles|OceanBase Cloud| docs|Distributed Database

Permissions for roles

Last Updated：2025-12-03 08:20:27 Updated

This topic describes the permissions for different roles.

Role permissions

The organization roles and their permissions for users logged in to the OceanBase website are different from those for users logged in to the Huawei Cloud Mall. For more information about how to add or remove organization members for users logged in to the Huawei Cloud Mall, see Add or remove organization members.

Role permissions for users logged in through the OceanBase official website

Role	Description
Organization Admin	The owner of the organization and the role with the highest permissions in the organization. Each organization has only one organization admin. The permissions include: Managing members in the organization and editing the role types of organization members. Granting all kinds of operation permissions in other roles. All operation permissions of the billing admin. All operation permissions of the project admin.
Organization Member	Read-only permissions for the current organization. Can be invited to be the instance admin or project member.
Billing Admin	Access and operation permissions for all features in the billing module, including the permissions to view bills, orders, payment details, and export related data.

Role permissions for users logged in through the Huawei Cloud Mall

Role	Description
Organization Admin	The owner of the organization and the role with the highest permissions in the organization. Each organization has only one organization admin. The permissions include: Add enterprise members in Huawei Cloud Mall - Joint Operation Service - Enterprise Management. Grant all kinds of operation permissions in other roles. All operation permissions of the billing admin. All operation permissions of the project admin.
Organization Member	Read-only permissions for the current organization. Can be invited to be the instance admin or project member.
Billing Admin	Access and operation permissions for all features in the billing module, including the permissions to view bills, orders, payment details, and export related data.

Role permissions in a project

Module	Feature	Project owner	Project admin	Instance admin	Data read/write	Data services admin	Project member
Project management	Invite project admins	Invite	Invite (excluding project admins)	View	View	View	View
Cross-project bidirectional authorization	Initiate/accept cross-project bidirectional authorization	Initiate/accept	View	View	View	View	View
Product payment	Create instances	Place order and pay	Place order and pay	View	View	Place order (only for data migration instances)	View
Product payment	Renew annual/montly instances	Place order and pay	Place order and pay	View	View	Place order (only for data migration instances)	View
Product payment	Change instance specifications	Place order and pay	Place order and pay	View	View	Place order (only for data migration instances)	View
Product payment	Renew annual/montly instances		Pay	View	View	Pay (only for data migration instances)	View
Product payment	Change instance specifications		Pay	View	View	Pay (only for data migration instances)	View
Instance management	Pause/Start instances	Edit	Edit	Edit	View	View	View
Instance management	Release existing instances	Edit	Edit	Edit	View	View	View
Instance management	Manage proxy nodes	Edit	Edit	Edit	View	View	View
Tenant management	Create tenants	Edit	Edit	Edit	View	View	View
Tenant management	Change tenant specifications	Edit	Edit	Edit	View	View	View
Tenant management	Create tenant connections	Edit	Edit	Edit	View	View	View
Tenant management	Rename tenants	Edit	Edit	Edit	View	View	View
Tenant management	Create accounts	Edit	Edit	Edit	View	View	View
Tenant management	Create databases	Edit	Edit	Edit	View	View	View
Performance monitoring	Create custom monitoring dashboards	Edit	Edit	Edit	View	View	View
Backup and restore	All backup and restore features	Edit	Edit	Edit	View	View	View
Parameter management	Modify parameters	Edit	Edit	Edit	View	View	View
Major compaction management	Initiate major compactions	Edit	Edit	Edit	View	View	View
Major compaction management	Modify major compaction time	Edit	Edit	Edit	View	View	View
Major compaction management	View major compaction history	View	View	View	View	View	View
Diagnostics	SQL diagnostics	Edit	Edit	Edit	View	View	View
Diagnostics	Session management	Edit	Edit	Edit	View	View	View
Diagnostics	SQL audit	Edit	Edit	No permission	Edit	No permission	No permission
Data import	Import data	Edit	Edit	View	View	Edit	View
Alert management	Configure alert rules	Edit	Edit	Edit (instances, data lifecycle)	View	Edit (Data Services)	View
Alert management	Mute alert notifications	Edit	Edit	Edit (instances, data lifecycle)	View	Edit (Data Services)	View
Alert management	Manage alert contacts	Edit	Edit	Edit	View	View	View
Binlog	Configure Binlog	Edit	Edit	Edit	View	View	View
Data migration	Assess compatibility	Edit	Edit	View	View	Edit	View
Data migration	Migrate data	Edit	Edit	View	View	Edit	View
Data migration	Assess performance	Edit	Edit	View	View	Edit	View
SQL Console	SQL Console	Edit	Edit	No permission	Edit	No permission	No permission
Historical events	Console operation audit	View	View	View	No permission	No permission	No permission
Data lifecycle management	Archive data	Edit	Edit	View	View	Edit	View
Data lifecycle management	Purge data	Edit	Edit	View	View	Edit	View
Data sources	Manage data sources	Edit	Edit	View	View	Edit	View
Tutorials	Try interactive tutorials	Edit	Edit	Edit (features that can be edited by this role)	Edit (features that can be edited by this role)	Edit (features that can be edited by this role)	View
Network configuration	Add VPC peering	Edit	Edit	Edit	View	View	View
Integrations	Configure external ecosystem accounts	Edit	Edit	Edit	Edit	View	View