
Access Control



TiDB Cloud Lake incorporates both Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) models for its access control functionality. When a user accesses a data object in TiDB Cloud Lake, they must be granted appropriate privileges or roles, or they need to have ownership of the data object. A data object can refer to various elements, such as a database, table, view, stage, or UDF.


| Concept | Description |
| --- | --- |
| Privileges | Privileges play a crucial role when interacting with data objects in TiDB Cloud Lake. These permissions, such as read, write, and execute, provide precise control over user actions, ensuring alignment with user requirements and maintaining data security. |
| Roles | Roles simplify access control. Roles are predefined sets of privileges assigned to users, streamlining permission management. Administrators can categorize users based on responsibilities, granting permissions efficiently without individual configurations. |
| Ownership | Ownership is a specialized privilege for controlling data access. When a user owns a data object, they have the highest control level, dictating access permissions. This straightforward ownership model empowers users to manage their data, controlling who can access or modify it within the TiDB Cloud Lake environment. |

This guide describes the related concepts and provides instructions on how to manage access control in TiDB Cloud Lake:
