Common Operations Supported by DLI System Policy

Table 1 lists the common operations supported by each system policy of DLI. Choose proper system policies according to this table. For details about the SQL statement permission matrix in DLI in terms of permissions on databases, tables, and roles, see SQL Syntax of Batch Jobs > Data Permissions Management > Data Permissions List in the Data Lake Insight SQL Syntax Reference.

Table 1 Common operations supported by each system permission

Resource

Operation

Description

DLI FullAccess

DLI ReadOnlyAccess

Tenant Administrator

DLI Service Administrator

Queue

DROP_QUEUE

Deleting a Queue

Y

x

Y

Y

SUBMIT_JOB

Submitting a job

Y

x

Y

Y

CANCEL_JOB

Terminating a Job

Y

x

Y

Y

RESTART

Restarting a queue

Y

x

Y

Y

GRANT_PRIVILEGE

Granting permissions to a queue

Y

x

Y

Y

REVOKE_PRIVILEGE

Revoking permissions to a queue

Y

x

Y

Y

SHOW_PRIVILEGES

Viewing the queue permissions of other users

Y

x

Y

Y

Database

DROP_DATABASE

Deleting a database

Y

x

Y

Y

CREATE_TABLE

Creating a table

Y

x

Y

Y

CREATE_VIEW

Creating a view

Y

x

Y

Y

EXPLAIN

Explaining the SQL statement as an execution plan

Y

x

Y

Y

CREATE_ROLE

Creating a role

Y

x

Y

Y

DROP_ROLE

Deleting a role

Y

x

Y

Y

SHOW_ROLES

Displaying a role

Y

x

Y

Y

GRANT_ROLE

Binding a role

Y

x

Y

Y

REVOKE_ROLE

Unbinding a role

Y

x

Y

Y

SHOW_USERS

Displaying the binding relationships between all roles and users

Y

x

Y

Y

GRANT_PRIVILEGE

Granting permissions to the database

Y

x

Y

Y

REVOKE_PRIVILEGE

Revoking permissions to the database

Y

x

Y

Y

SHOW_PRIVILEGES

Viewing database permissions of other users

Y

x

Y

Y

DISPLAY_ALL_TABLES

Displaying tables in a database

Y

Y

Y

Y

DISPLAY_DATABASE

Displaying databases

Y

Y

Y

Y

CREATE_FUNCTION

Creating a function

Y

x

Y

Y

DROP_FUNCTION

Deleting a function

Y

x

Y

Y

SHOW_FUNCTIONS

Displaying all functions

Y

x

Y

Y

DESCRIBE_FUNCTION

Displaying function details

Y

x

Y

Y

Table

DROP_TABLE

Deleting tables

Y

x

Y

Y

SELECT

Querying tables

Y

x

Y

Y

INSERT_INTO_TABLE

Inserting table data

Y

x

Y

Y

ALTER_TABLE_ADD_COLUMNS

Adding a column

Y

x

Y

Y

INSERT_OVERWRITE_TABLE

Overwriting a table

Y

x

Y

Y

ALTER_TABLE_RENAME

Renaming a table

Y

x

Y

Y

ALTER_TABLE_ADD_PARTITION

Adding partitions to the partition table

Y

x

Y

Y

ALTER_TABLE_RENAME_PARTITION

Renaming a table partition

Y

x

Y

Y

ALTER_TABLE_DROP_PARTITION

Deleting partitions from a partition table

Y

x

Y

Y

SHOW_PARTITIONS

Displaying all partitions

Y

x

Y

Y

ALTER_TABLE_RECOVER_PARTITION

Restoring table partitions

Y

x

Y

Y

ALTER_TABLE_SET_LOCATION

Setting the partition path

Y

x

Y

Y

GRANT_PRIVILEGE

Granting permissions to the table

Y

x

Y

Y

REVOKE_PRIVILEGE

Revoking permissions to the table

Y

x

Y

Y

SHOW_PRIVILEGES

Viewing table permissions of other users

Y

x

Y

Y

DISPLAY_TABLE

Displaying a table

Y

Y

Y

Y

DESCRIBE_TABLE

Displaying table information

Y

x

Y

Y

Enhanced datasource connection

BIND_QUEUE

Binding an enhanced datasource connection to a queue

It is only used to grant permissions across projects.

x

x

x

x