User permissions include data permissions and engine permissions (for more information on permissions, see Permission Overview). The former are required to access data in Data Lake Compute, while the latter are used for resource management. Data Lake Compute supports permission management at the database, table, and column levels, so you can authorize a user or work group with fine-grained data permissions for different use cases.
You can authorize a user or create and authorize a work group of users. For detailed directions, see User and Work Group.
Note: If a user is granted permissions that differ from those granted to their work groups, all of the granted permissions take effect.
A work group allows you to quickly grant permissions to a batch of users, so it is recommended for batch user authorization.
Grant permissions to the specified user.
Set a user to Admin or General user. Admins have permissions on all data and engines by default, with no need to be bound to a work group. They can also manage admin users other than the root account. Set an admin with caution.
Bind a work group: General users need to be granted permissions or bound to a work group before they can access resources.
Add a data permission: In the User list, click Authorize in the Operation column and select Data permission to grant permissions at the data catalog or database/table level.
Permission Type | Database | Data Table | View and Function |
---|---|---|---|
Query & analytics | • Query all the tables, views, and functions in databases. • Create data tables. | Query | Query |
Data edit | • Modify and delete databases and create tables. • Permissions of all the tables, views, and functions. | • Query, insert, update, and delete data. • Modify and delete tables. | Query, create, modify, and delete. |
Owner (grants the permission to re-authorize permissions in addition to data edit permissions) | • Modify and delete databases and create tables. • Permissions of all the tables, views, and functions. | • Query, insert, update, and delete data. • Modify and delete tables. | Query, create, modify, and delete. |
Add an engine permission: In the User list, click Authorize in the Operation column and select Engine permission to grant permissions to use, modify, manipulate, monitor, and delete specified resources.
Remove permissions to be revoked from the permission list of a user. This operation requires the admin permission.
Only admins can add or remove work group permissions; the steps are similar to those for data permissions. Users in a work group have all the permissions of the group, so you can bind users to a work group to grant them the data and engine permissions of the work group. Admins don't need to be bound to a work group.
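The rules on this page (direct and work group grants all take effect, a database-level grant reaches every table in the database, admins hold all data permissions) can be modelled to audit what a user can actually do on a given table. The following is an added example, not Data Lake Compute code or its API; the action names, class names, and the sample users and work group are constructed for illustration.

```python
# Added example: a model of the rules on this page, not Data Lake Compute code or API.
from dataclasses import dataclass, field
from typing import Optional

# Table-level actions per permission type, taken from the permission table.
# The action names are hypothetical labels chosen for this sketch.
ACTIONS = {
    "query_analytics": frozenset({"query"}),
    "data_edit": frozenset({"query", "insert", "update", "delete",
                            "modify_table", "delete_table"}),
}
ACTIONS["owner"] = ACTIONS["data_edit"] | {"reauthorize"}

@dataclass(frozen=True)
class Grant:
    ptype: str                    # key of ACTIONS
    database: str
    table: Optional[str] = None   # None = database-level grant, covers every table

    def covers(self, database, table):
        return self.database == database and self.table in (None, table)

@dataclass
class User:
    name: str
    is_admin: bool = False
    grants: list = field(default_factory=list)   # direct grants
    groups: list = field(default_factory=list)   # names of bound work groups

def effective_actions(user, group_grants, database, table):
    """Admins hold everything; otherwise direct and work group grants are unioned."""
    if user.is_admin:
        return set(ACTIONS["owner"])
    grants = user.grants + [g for n in user.groups for g in group_grants.get(n, [])]
    return {a for g in grants if g.covers(database, table) for a in ACTIONS[g.ptype]}

def beyond_groups(user, group_grants, database, table):
    """Actions held only through direct grants, not explained by any work group."""
    groups_only = User(user.name, groups=user.groups)
    return (effective_actions(user, group_grants, database, table)
            - effective_actions(groups_only, group_grants, database, table))

# Constructed sample data
GROUPS = {"analysts": [Grant("query_analytics", "sales")]}
alice = User("alice", grants=[Grant("data_edit", "sales", "orders")], groups=["analysts"])
bob = User("bob")                     # general user with no grants and no work group
carol = User("carol", is_admin=True)  # admin, not bound to any work group
```

Running `beyond_groups` over every user and table gives a list of direct grants that exceed what the work groups already provide, which are the ones to review first when tightening access.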