tencent cloud

Database Management Center

Control Instances

PDF
Focus Mode
Font Size
Last updated: 2026-04-16 15:41:00
In enterprise collaboration mode, databases are added to data sources, and control and secure release status are enabled. This ensures security control for controlled instance changes, rule management, and process approvals, improving database security and compliance.
Control Instances also supports one-click login, viewing instance details, modifying execution accounts, granting or revoking user operation permissions, changing instance rule templates, enabling or disabling the secure release status, and exporting the controlled instance list.

Prerequisites

The sub-account has the necessary access permissions for DMC-related feature pages. For details and operations, see DMC User Permission Settings. The root account has full permissions by default.
The instance to be managed should have been added to the data source. For details, see Create Data Source.

Enabling Control Instances

1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Control Instances.
3. Click Activate Control Instance at the top of the page.
4. In the pop-up dialog box, select the database type, choose an existing data source, select a rule template, and click Activate Now.

The enabled instance will appear in the control instance list with secure release status enabled by default.

Viewing Control Instances

1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Control Instances.
3. Select the Instance List tab.
4. View the control instance list. The parameters in the list are described in the table below.

Parameter
Description
Data Source ID/Name
The ID and name of the data source.
Database Type
Currently, only MySQL and TDSQL-C Transaction Cluster database types are supported.
Marker
The marker of the data source.
Instance Source
Tencent CloudDB: The source database is a Tencent Cloud database instance.
CVM-Built Instance: The source database is a self-built database on a CVM.
Instance Built on Public Network: The source database is a self-built database on a local server or a third-party cloud vendor’s database.
Execution Account
The execution account of the source database.
Endpoint
The IP address and port number of the source instance.
Billing Mode
The billing mode of the source instance.
Region
The region where the source instance is located.
Source Instance ID
The ID of the source instance.
Secure Release Status
Indicate whether the secure release status is enabled for the control instance.
Rule Template
The rule template bound to the data source.
Status
The current status of the data source, including Normal and Exception.
Operation
View Managed Instance Details: Click View to go to the instance details page. For detailed steps, see Viewing Control Instance Details.
Secure Release Login SQL Window: Click Log In to go to the SQL window page.
Modify Instance Execute Account: Click More > Modify Execution Account. For details, see Modifying the Instance Execute Account.
Authorize User Operation Permissions: Click More > Apply for Permissions. For details, see Authorizing and Revoking User Operation Permissions for an Instance.
Apply for Database and Table Operation Permissions: Click More > Grant Permissions. For details, see Permission Application.
Delete Controlled Instance: Click More > Delete, and then click OK. After deletion, the data source will no longer appear on the control instance page. It will still be displayed on the data source page, but will have control disabled. Control can be re-enabled later as needed.

Viewing Control Instance Details

1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Control Instances.
3. Select the Instance List tab.
4. In the Operation column for the target instance, click View or click Data Source ID.
5. Viewing Instance Details

Basic Info
You can view details such as the data source ID/name, tag, instance source, database type, source instance ID, region, connection address, billing mode, and source instance tag.
Executing User and Status
View the instance's execution account, status, and secure release status, and enable or disable the secure release status as needed.
Rule Overview
Check the bound rule template and its configurations, including SQL window, SQL change rules, and approvers.
Click Edit in the upper-right corner to modify the rule template. For details, see Create Rule Template.
Note:
If the control instance is bound to a system default template, editing is not supported.
Click Change Template in the upper-right corner of the page to update the bound rule template. For details, see Change an Instance Rule Template.
Authorization Information
Select the Authorization Information tab to view authorized users and their permissions and authorize user permissions or revoke existing permissions.

For details on authorizing and revoking operation permissions, see Authorize and Revoking User Operation Permissions.

Logging in to Control Instances

1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Control Instances.
3. Select the Instance List tab.
4. Click Log In in the Operation column for the control instance to be logged in.

Go to the SQL window page.

Modifying the Instance Execute Account

1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Control Instances.
3. Select the Instance List tab.
4. Click More > Modify Execute Account in the Operation column for the target instance.
5. In the pop-up dialog box, modify the execution account and the execution account password, click Test Connectivity, and after the test passes, click OK.


Authorizing and Revoking User Operation Permissions for an Instance

1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Control Instances.
3. Go to the authorization page using one of the following methods:
Method 1: Select the User Authorization Management tab and choose Authorized users at the top of the page.

Method 2: Select the Instance List tab, and in the Operation column corresponding to the control instance, click More > Grant Permissions.

Method 3: Select the Instance List tab, click View or Data Source ID in the Operation column corresponding to the managed instance, select the Authorization Information tab, and click Authorized users.

4. In the right panel, select the instance, user, database, permissions, and validity period, and click OK.

Note:
If you need to create a user or user group, click Create Users/User Group. For details, see User Operation Instructions and Add Users to User Group.
To revoke a user's operation permissions, either click Revoke in the corresponding Operation column of the user list, or select multiple users and click Revock at the top of the page, and then click OK in the pop-up dialog box.
Note:
The primary account can revoke all account permissions.
Sub-accounts with administrator permissions can revoke permissions of other sub-accounts under the same primary account.
Sub-accounts without administrator permissions can only revoke their own permissions.


Changing an Instance Rule Template

1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Control Instances.
3. Select the Instance List tab, in the Operation column corresponding to the control instance, click View or click Data Source ID, and select the Rule Overview tab.
4. Click Change Template at the top of the page.

5. In the pop-up dialog box, select a replacement mode.

Replace rule template: Select an existing rule template and click OK.
Create and bind a template: Enter a template name and click OK. After creation, you can click Edit in the upper-right corner of the page to define specific template rules. For details, see Create Rule Template.

Enabling or Disabling Secure Release Status

1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Control Instances.
3. Select the Instance List tab, and in the Secure Release Status column, click the switch to enable or disable the secure release status.

You can also click View or Data Source ID in the Operation column to access the instance details page and click the secure release status switch.
Note:
Disabling secure release will invalidate the configured rules and user settings for the instance.
If there are ongoing tickets, the secure release status cannot be modified.

Exporting the Control Instance List

1. Log in to the DMC console.
2. In the left sidebar, select Secure Release > Instance Control > Control Instances.
3. Click

in the upper-right corner of the page to download the instance list in .csv format.

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback