Permissions¶
Five preset roles are available for workspace members: admin, developer, deployer, operator, and viewer. Custom roles are also supported.
Admin: This role has all operation permissions in a workspace. You are advised to assign the admin role to the project owner, development owner, and O&M administrator.
Developer: This role has permissions to create and manage resources in a workspace. You are advised to assign this role to users who develop and process tasks.
Operator: This role has the operation permissions of services such as O&M and scheduling in a workspace, but cannot modify resources or configurations. You are advised to assign this role to users responsible for O&M management and status monitoring.
Viewer: This role can view data in a workspace but cannot perform any other operation. You are advised to assign this role to users who only need to view data in a workspace but do not need to perform operations.
Deployer: This role is unique to the enterprise mode and has permissions to release task packages in a workspace. In enterprise mode, when a developer submits a script or job version, the system generates a release task. After the developer confirms the release and the deployer approves the release request, the modified job is synchronized to the production environment.
Custom roles: If the preset roles cannot meet your requirements, you can create custom roles. You can configure permissions for such roles to meet the the principle of least privilege (PoLP).
This section describes the permissions of the preset roles.
Important
Operation permissions in this section refer to the permissions required for performing resource operations except addition, deletion, modification, and query, such as importing and exporting data, and executing, canceling, starting, and scheduling tasks.
Management Center¶
Permission | Admin | Developer | Operator | Viewer |
|---|---|---|---|---|
Querying the MRS, DWS, or CDM cluster list | Y | Y | Y | Y |
Creating databases | Y | Y | N | N |
Deleting databases | Y | Y | N | N |
Querying databases | Y | Y | Y | Y |
Modifying databases | Y | Y | N | N |
Creating data tables | Y | Y | N | N |
Deleting data tables | Y | Y | N | N |
Querying data tables | Y | Y | Y | Y |
Editing data tables | Y | Y | N | N |
Creating resource migration tasks | Y | Y | N | N |
Operating resource migration tasks | Y | Y | Y | N |
Querying resource migration tasks | Y | Y | Y | Y |
Creating data connections | Y | Y | N | N |
Deleting data connections | Y | Y | N | N |
Operating data connections | Y | Y | Y | N |
Querying data connections | Y | Y | Y | Y |
Editing data connections | Y | Y | N | N |
Deleting RDS driver packages | Y | N | N | N |
Operating RDS driver packages | Y | N | N | N |
Querying RDS driver packages | Y | Y | Y | Y |
Creating DLI resource mapping configurations | N | N | N | N |
Deleting DLI resource mapping configurations | N | N | N | N |
Querying DLI resource mapping configurations | N | N | N | N |
DataArts Migration¶
Permission | Admin | Developer | Operator | Viewer |
|---|---|---|---|---|
Creating clusters | Y | Y | N | N |
Deleting clusters | Y | Y | N | N |
Operating clusters | Y | Y | Y | N |
Querying clusters | Y | Y | Y | Y |
Editing clusters | Y | Y | N | N |
Operating links | Y | Y | Y | N |
Querying links | N | N | N | N |
Operating jobs | Y | Y | Y | N |
Querying jobs | N | N | N | N |
Binding EIPs | Y | N | N | N |
Unbinding EIPs | Y | N | N | N |
DataArts Factory¶
Permission | Admin | Developer | Deployer | Operator | Viewer |
|---|---|---|---|---|---|
Creating schemas | Y | Y | N | N | N |
Deleting schemas | Y | Y | N | N | N |
Querying schemas | Y | Y | N | Y | Y |
Editing schemas | Y | Y | N | N | N |
Operating backups | Y | Y | N | Y | N |
Querying backups | Y | Y | Y | Y | Y |
Creating PatchData tasks | Y | Y | N | N | N |
Operating PatchData tasks | Y | Y | N | Y | N |
Querying PatchData tasks | Y | Y | N | Y | Y |
Operating dirty data | Y | Y | N | Y | N |
Operating backups used for restoration | Y | N | N | Y | N |
Querying backups used for restoration | Y | Y | Y | Y | Y |
Creating directories | Y | Y | N | N | N |
Deleting directories | Y | Y | N | N | N |
Querying directories | Y | Y | N | Y | Y |
Editing directories | Y | Y | N | N | N |
Creating notifications | Y | Y Note In enterprise mode, developers do not have the permission to create notifications. | N | N | N |
Deleting notifications | Y | Y | N | N | N |
Querying notifications | Y | Y | N | Y | Y |
Editing notifications | Y | Y | N | N | N |
Creating databases | Y | Y | N | N | N |
Deleting databases | Y | Y | N | N | N |
Querying databases | Y | Y | N | Y | Y |
Editing databases | Y | Y | N | N | N |
Creating solutions | Y | Y | N | N | N |
Deleting solutions | Y | Y | N | N | N |
Operating solutions | Y | Y | N | Y | N |
Querying solutions | Y | Y | N | Y | Y |
Editing solutions | Y | Y | N | N | N |
Querying IAM agencies | Y | Y | Y | Y | Y |
Updating IAM agencies | Y | N | N | N | N |
Operating environment variables | Y | Y | N | N | N |
Querying environment variables | Y | Y | N | Y | Y |
Editing environment variables | Y | Y | N | N | N |
Operating job nodes | Y | Y | N | Y | N |
Viewing release packages | Y | Y | Y | Y | Y |
Operating release packages | Y | N | Y | Y | N |
Creating data connections | Y | Y | N | N | N |
Deleting data connections | Y | Y | N | N | N |
Operating data links | Y | Y | N | Y | N |
Querying data connections | Y | Y | N | Y | Y |
Editing data connections | Y | Y | N | N | N |
Canceling release | Y | Y | Y | Y | N |
Creating data tables | Y | Y | N | N | N |
Deleting data tables | Y | Y | N | N | N |
Querying data tables | Y | Y | N | Y | Y |
Editing data tables | Y | Y | N | N | N |
Operating job instances | Y | Y | N | Y | N |
Querying job instances | Y | Y | N | Y | Y |
Creating resources | Y | Y | N | N | N |
Deleting resources | Y | Y | N | N | N |
Operating resources | Y | Y | N | Y | N |
Querying resources | Y | Y | N | Y | Y |
Editing resources | Y | Y | N | N | N |
Editing environment variable mappings | N | N | N | N | N |
Operating script editing locks | Y | Y | N | Y | N |
Creating scripts | Y | Y | N | N | N |
Deleting scripts | Y | Y | N | N | N |
Operating scripts | Y | Y | N | Y | N |
Querying scripts | Y | Y | N | Y | Y |
Editing scripts | Y | Y | N | N | N |
Adding job tags | Y | Y | N | Y | N |
Deleting job tags | Y | Y | N | Y | N |
Querying job tags | Y | Y | N | Y | Y |
Creating jobs | Y | Y | N | N | N |
Deleting jobs | Y | Y | N | N | N |
Operating jobs | Y | Y | N | Y | N |
Querying jobs | Y | Y | N | Y | Y |
Editing jobs | Y | Y | N | Y | N |
Querying details about job editing locks | Y | Y | N | Y | Y |
Operating job editing locks | Y | Y | N | Y | N |