What Is MaxCompute Studio and Privileges

By Haoyi


MaxCompute has a powerful security system to protect data in projects. Before using MaxCompute, you should learn some basic concepts about privileges:

MaxCompute Studio is a big data integrated development environment (IDE) tool that is provided by the Alibaba Cloud MaxCompute platform and installed on the developer’s client. MaxCompute Studio provides the following functions to help you better understand and use MaxCompute permissions:

Viewing Privileges

You can use the statement “show grants” to show the permissions of a project. Privilege-related statements are integrated in the Studio Editor. Users can call the live template using a shortcut (Ctrl + J for Windows, and Command + J for Mac):

In addition, MaxCompute Studio also provides graphical display of user privileges. As shown in the following figure, click “Show privileges” on the toolbar. On the displayed “Show user privileges in this MaxCompute project” dialog box, click the “search” button, and the privileges of the user in the project are displayed below:

The “json” tab shows all privileges, and the “table” tab shows the privileges of the user on the table. When you hover the mouse over the “table” tab, the privilege description is displayed:

Privilege Exception Diagnosis

If the task reports an exception in authentication due to lack of privileges, you can use Studio’s privilege exception diagnosis to quickly find a solution. As shown in the following figure, click the “Privilege exception diagnosis” button on the toolbar. On the displayed “Permission exception diagnosis” dialog box, enter the complete authentication exception information in the upper text box, and click “OK”, then possible solutions will be displayed in the lower text box:

Writing Privilege Statements

MaxCompute provides a series of privilege statements, which have been integrated in the MaxCompute SQL Editor. Users can execute these statements using Studio for privileges operations. Specifically, user the shortcut key (Windows: Ctrl + J, Mac: Command + J) to call the live template, and then search:

In addition, smart code prompts are also supported when writing an authorization statement:

Generating Authorization Statements

In addition to manually written authorization statements, Studio also supports graphical authorization. Click “Show privileges” on the toolbar. On the displayed “Show user privileges” dialog box, click the “grant privilege” tab and select the authorization object, then the SQL panel below displays the corresponding authorization statement synchronously. Click “execute grant command”, and wait for the backend to complete.

Privileges in Studio

  • When the user adds a MaxCompute project, Studio will try to list all objects in the project to the local machine, which means that the user must have the “list” privilege for the project.
  • To display table details, the user must have the “describe” privilege for the table. To display custom functions, the user must have the “read” privilege for the functions. The user also needs privileges for any table or function used in writing SQL statements in the Editor.
  • To run an SQL statement in the Editor, the user must have the “select” privilege for the table involved. The user also needs the “CreateInstance” privilege for the project to submit the SQL task.
  • To release a developed UDF, the user needs the “write” privilege for the function.

Privilege documentation

MaxCompute Privilege official documentation

MaxCompute Security Management Guide


Follow me to keep abreast with the latest technology news, industry insights, and developer trends.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store