Limiting Access for a DataWorks UDF to Specific Accounts

Common Solutions

Solution Limitations

Package Solution

New Role on DataWorks

Role Policy Solution

Role Policy Solution Implementation Details

Step 1: Create a Default Deny UDF Role

odps@ sz_mc>create role denyudfrole;
{
"Version": "1", "Statement":
[{
"Effect":"Deny",
"Action":["odps:Read","odps:List"],
"Resource":"acs:odps:*:projects/sz_mc/resources/getaddr.jar"
},
{
"Effect":"Deny",
"Action":["odps:Read","odps:List"],
"Resource":"acs:odps:*:projects/sz_mc/registration/functions/getregion"
}
] }
odps@ sz_mc>put policy /Users/yangyi/Desktop/role_policy.json on role denyudfrole;
odps@ sz_mc>grant denyudfrole to RAM$yangyi.pt@aliyun-test.com:ramtest;

Step 2: Verifying Role on Console

Step 3: Configure a Project Policy

{
"Version": "1", "Statement":
[{
"Effect":"Allow",
"Principal":"RAM$yangyi.pt@aliyun-test.com:yangyitest",
"Action":["odps:Read","odps:List","odps:Select"],
"Resource":"acs:odps:*:projects/sz_mc/resources/getaddr.jar"
},
{
"Effect":"Allow",
"Principal":"RAM$yangyi.pt@aliyun-test.com:yangyitest",
"Action":["odps:Read","odps:List","odps:Select"],
"Resource":"acs:odps:*:projects/sz_mc/registration/functions/getregion"
}] }
odps@ sz_mc>put policy /Users/yangyi/Desktop/project_policy.json;

Summary

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store