tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Data Lake Compute
    Documentation
    Download PDF

    Quick Start with Permission Management in Data Lake Compute

    Last updated: 2024-07-17 15:24:34
    Download PDF
      During the utilization of Data Lake Compute (DLC), if you need to establish varying access permissions for employees within your organization to achieve isolation of authority among them, you can employ the permissions management feature for meticulous management of user and workgroup permissions.
      Note:
      1. The policy of permissions is highly correlated with the usage of the product. It is recommended that administrators configure the policies for roles such as workgroups and sub-users in advance before officially utilizing the product features.
      2. In different regions, administrators are required to reconfigure the member management and permissions management for DLC in that specific region.

      CAM Authorization

      Data Lake Compute (DLC) possesses a comprehensive data access permission mechanism. If you have sub-account management requirements, please grant the corresponding sub-account with the QcloudDLCFullAccess (Full read-write access to Data Lake Compute (DLC)) policy in the Access Management Console. For specific steps on creating sub-accounts and authorizing policies.
      Data Lake Compute (DLC) offers permissions refined to the granularity of row and column levels in data tables, ensuring that you need not worry about overstepping authority with this operation.
      
      
      

      Adding a User

      Data Lake Compute utilizes the Tencent Cloud account ID as the default user ID. It distinguishes between two user types: administrators and ordinary users. Administrators inherently possess all resource permissions, while ordinary users must be granted specific permissions or be associated with a work group to acquire permissions.
      1. Incorporate a user and associate them with a work group.
      Log into the DLC console, select Permission Management, and click on Users > Add User to incorporate a new user.
      
      
      
      2. Enter the basic information: Provide the user ID, user name, and description, and select the user type.
      Note:
      When selecting the user type as "Ordinary User", permissions can be obtained through individual authorization or by acquiring all permissions of a specified work group. When selecting "Administrator" as the user type, there is no need to associate with a work group to gain all permissions.
      
      
      
      3. Associate with a work group: Select a work group for association (optional).
      

      User authorization

      In the user list, authorize each user individually. The authorization includes "Data Permissions" and "Engine Permissions", and the permission policy is consistent with the work group's permission policy.
      
      
      

      Add Work Group

      1. In the Data Lake Compute DLC, select Permission Management from the left sidebar, and click on Work Group > Add Work Group to create a work group for the user. When creating a work group, you can choose to bind it to a user or create an empty work group. For detailed operations, refer to Users and User Groups.
      
      2. Enter the basic information: Provide the work group name and description.
      
      3. Associate a user: The associated user will acquire all permissions under the respective work group.
      

      Granting permissions to a work group

      After creating the work group, click on the Authorize operation in the list to add permissions to the work group, including Data Permissions and Engine Permissions.
      
      
      

      Data permission

      Data permissions include:
      Data Catalog Permissions: These include two types of permissions under the data catalog, namely, the ability to Create Database and Create Data Catalog.
      
      
      
      Database Table Permissions: Fine-grained permissions at the database table level can be granted, including query and edit permissions for databases, tables, views, and functions.
      
      
      

      Engine permission

      Select a data engine and grant the permissions to use, modify, or delete it.
      
      
      

      Engine operation permissions are granted automatically

      DLC supports default enablement of engine operation class permissions. Once enabled, all users will by default have the following permissions for that engine:
      Utilize: Execute tasks using this engine.
      Operation: Initiation of engine suspension or standby.
      Monitoring: Administration of engine usage monitoring.
      Note:
      1. Upon termination, administrators inherently maintain all engine privileges. Ordinary users require an administrator to add permissions on the permission management page.
      2. Existing ordinary user permissions will remain intact and can be deleted on the Permission Management page.
      3. Subsequent newly created ordinary users have no usage rights, which should be manually added on the Permission Management page.

      How do I enable or disable the self-delivery authorization engine

      By default, the engine enables/disables two operation permission entries:
      
      
      
      Access 2: Go to the SuperSQL engine page and click Edit Auto-granting of engine permissions.
      
      
      
      After setting engine permissions, click Confirm.
      
      
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy