MaxCompute and DataWorks Security Management Guide: Examples

Project Creation Example

Scenario 1: Collaborative Business Development for ETL Tasks

Implementation Steps

Scenario 2: Simple Project Ownership based on Table Creation

Implementation Steps

create role custom_dev; -- Creates a custom role
grant List, CreateInstance, CreateTable, CreateFunction, CreateResource on project prj_name to role custom_dev; -- Grants permissions to the custom role
set ObjectCreatorHasAccessPermission=true; -- This flag is set to true by default. Run the following command to check the current configuration:
show SecurityConfiguration;
You can also configure this flag under "Project Management" -> "MaxCompute Settings" in DataWorks.
show grants for ram$[primary account]:[RAM user]; -- Lists the roles and permissions currently granted to the new member
revoke role_project_dev from ram$[primary account]:[RAM user]; -- Removes the default role from the new member. Note that if the member is re-granted a role on the DataWorks "Member Management" page, the corresponding MaxCompute role is also re-granted to that member.
grant custom_dev to ram$[primary account]:[RAM user]; -- Grants the custom role to the new member

Other Common Scenarios

Package Authorization Scenario

CREATE PACKAGE PACKAGE_NAME;
Example:
CREATE PACKAGE prj_prod2bi;
ADD table [table name] TO PACKAGE [package name];
Example:
ADD table adl_test_table TO PACKAGE prj_prod2bi;
ALLOW PROJECT [project allowed to install package] TO INSTALL PACKAGE [package name];
Example:
ALLOW PROJECT PRJ_BI TO INSTALL PACKAGE prj_prod2bi;
INSTALL PACKAGE [name of the project that created the package].[package name];
Example:
INSTALL PACKAGE prj_prod.prj_prod2bi;
Grant the permission to users:
GRANT read on package prj_prod2bi TO USER [cloud account];
Grant the permission to roles:
GRANT read on package prj_prod2bi TO ROLE [rolename];

Data Security Self-Check Example
