Data Lake Compute permissions include data permissions and data engine permissions. If you have the admin permission, you can log in to the Data Lake Compute console or use an API to grant a sub-user data and data engine permissions. Sub-users cannot use, modify, or delete data or data engines before they are authorized.
Data Lake Compute provides the user mode and work group mode for personnel permission management.
User: You can select users in CAM, including sub-accounts and collaborator accounts.
Work group: It is a group of users with the same permissions managed in the product.
Note:If users are granted different permissions from those granted in their work groups, all the granted permissions will take effect.
A work group allows you to quickly grant permissions to a batch of users, so it is recommended for batch user authorization. For detailed directions, see User and User Group.
In Data Lake Compute, User type can be Admin or General user.
Permission and Operation | Admin | General User |
---|---|---|
Data permissions | All | None by default (to be authorized by an admin) |
Data engine permissions | All | None by default (to be authorized by an admin) |
User management | Yes | No |
Work group management | Yes | No |
Authorization scope | All | Permissions that can be regranted |
Note:The above permissions only include those defined in Data Lake Compute. To perform purchase, configuration adjustment, and refund operations that involve billing, log in to the CAM console and get the financial collaborator permission
QCloudFinanceFullAccess
(for detailed directions, see Creating and Authorizing Sub-account).
Data Lake Compute data permissions allow operations on data catalogs, databases, and data tables. To facilitate your management and configuration, permissions can be granted in the standard or advanced mode.
SQL statements for permission operations are as follows:
Action | CREATE | ALTER | DROP | SELECT | INSERT | DELETE | Target |
---|---|---|---|---|---|---|---|
CREATE DATABASE | ✓ | - | - | - | - | - | Cataglog |
ALTER DATABASE | - | ✓ | - | - | - | - | Database |
DROP DATABASE | - | - | ✓ | - | - | - | Database |
CREATE TABLE | ✓ | - | - | - | - | - | Database |
CREATE TABLE AS SELECT | ✓ | - | - | ✓ | ✓ | - | Database/Table |
DROP TABLE | - | - | ✓ | - | - | - | Table |
ALTER TABLE LOCATION | - | ✓ | - | - | - | - | Table |
ALTER PARTITION LOCATION | - | ✓ | - | - | - | - | Table |
ALTER TABLE ADD PARTITION | - | ✓ | - | - | - | - | Table |
ALTER TABLE DROP PARTITION | - | ✓ | - | - | - | - | Table |
ALTER TABLE | - | ✓ | - | - | - | - | Table |
CREATE VIEW | ✓ | - | - | - | - | - | Database |
ALTER VIEW PROPERTIES | - | ✓ | - | - | - | - | View |
ALTER VIEW RENAME | - | ✓ | - | - | - | - | View |
DROP VIEW PROPERTIES | - | ✓ | ✓ | - | - | - | View |
DROP VIEW | - | - | ✓ | - | - | - | View |
SELECT TABLE | - | - | - | ✓ | - | - | Table |
INSERT | - | - | - | - | ✓ | - | Table |
INSERT OVERWRITE | - | - | - | - | ✓ | ✓ | Table |
CREATE FUNCTION | ✓ | - | - | - | - | - | Database |
DROP FUNCTION | - | - | ✓ | - | - | - | Function |
SELECT VIEW | - | - | - | ✓ | - | - | View |
SELECT FUNCTION | - | - | - | ✓ | - | - | Function |
Data Lake Compute data engine permissions allow using, modifying, manipulating, monitoring, and deleting data engines as detailed below:
A single user can be granted multiple permissions. For detailed directions, see Sub-Account Permission Management.
Was this page helpful?