Common Operations Supported by DLI System Policy¶
Table 1 lists the common operations supported by each system policy of DLI. Choose proper system policies according to this table. For details about the SQL statement permission matrix in DLI in terms of permissions on databases, tables, and roles, see SQL Syntax of Batch Jobs > Data Permissions Management > Data Permissions List in the Data Lake Insight SQL Syntax Reference.
Resource | Operation | Description | DLI FullAccess | DLI ReadOnlyAccess | Tenant Administrator | DLI Service Administrator |
|---|---|---|---|---|---|---|
Queue | DROP_QUEUE | Deleting a Queue | Y | x | Y | Y |
SUBMIT_JOB | Submitting a job | Y | x | Y | Y | |
CANCEL_JOB | Terminating a Job | Y | x | Y | Y | |
RESTART | Restarting a queue | Y | x | Y | Y | |
GRANT_PRIVILEGE | Granting permissions to a queue | Y | x | Y | Y | |
REVOKE_PRIVILEGE | Revoking permissions to a queue | Y | x | Y | Y | |
SHOW_PRIVILEGES | Viewing the queue permissions of other users | Y | x | Y | Y | |
Database | DROP_DATABASE | Deleting a database | Y | x | Y | Y |
CREATE_TABLE | Creating a table | Y | x | Y | Y | |
CREATE_VIEW | Creating a view | Y | x | Y | Y | |
EXPLAIN | Explaining the SQL statement as an execution plan | Y | x | Y | Y | |
CREATE_ROLE | Creating a role | Y | x | Y | Y | |
DROP_ROLE | Deleting a role | Y | x | Y | Y | |
SHOW_ROLES | Displaying a role | Y | x | Y | Y | |
GRANT_ROLE | Binding a role | Y | x | Y | Y | |
REVOKE_ROLE | Unbinding a role | Y | x | Y | Y | |
SHOW_USERS | Displaying the binding relationships between all roles and users | Y | x | Y | Y | |
GRANT_PRIVILEGE | Granting permissions to the database | Y | x | Y | Y | |
REVOKE_PRIVILEGE | Revoking permissions to the database | Y | x | Y | Y | |
SHOW_PRIVILEGES | Viewing database permissions of other users | Y | x | Y | Y | |
DISPLAY_ALL_TABLES | Displaying tables in a database | Y | Y | Y | Y | |
DISPLAY_DATABASE | Displaying databases | Y | Y | Y | Y | |
CREATE_FUNCTION | Creating a function | Y | x | Y | Y | |
DROP_FUNCTION | Deleting a function | Y | x | Y | Y | |
SHOW_FUNCTIONS | Displaying all functions | Y | x | Y | Y | |
DESCRIBE_FUNCTION | Displaying function details | Y | x | Y | Y | |
Table | DROP_TABLE | Deleting tables | Y | x | Y | Y |
SELECT | Querying tables | Y | x | Y | Y | |
INSERT_INTO_TABLE | Inserting table data | Y | x | Y | Y | |
ALTER_TABLE_ADD_COLUMNS | Adding a column | Y | x | Y | Y | |
INSERT_OVERWRITE_TABLE | Overwriting a table | Y | x | Y | Y | |
ALTER_TABLE_RENAME | Renaming a table | Y | x | Y | Y | |
ALTER_TABLE_ADD_PARTITION | Adding partitions to the partition table | Y | x | Y | Y | |
ALTER_TABLE_RENAME_PARTITION | Renaming a table partition | Y | x | Y | Y | |
ALTER_TABLE_DROP_PARTITION | Deleting partitions from a partition table | Y | x | Y | Y | |
SHOW_PARTITIONS | Displaying all partitions | Y | x | Y | Y | |
ALTER_TABLE_RECOVER_PARTITION | Restoring table partitions | Y | x | Y | Y | |
ALTER_TABLE_SET_LOCATION | Setting the partition path | Y | x | Y | Y | |
GRANT_PRIVILEGE | Granting permissions to the table | Y | x | Y | Y | |
REVOKE_PRIVILEGE | Revoking permissions to the table | Y | x | Y | Y | |
SHOW_PRIVILEGES | Viewing table permissions of other users | Y | x | Y | Y | |
DISPLAY_TABLE | Displaying a table | Y | Y | Y | Y | |
DESCRIBE_TABLE | Displaying table information | Y | x | Y | Y | |
Enhanced datasource connection | BIND_QUEUE | Binding an enhanced datasource connection to a queue It is only used to grant permissions across projects. | x | x | x | x |