Data Access Policy (CAM role arn) Overview
A data access policy (CAM role arn) allows you to configure permissions in CAM for accessing data in data sources and COS during data job execution.
When configuring a data job in Data Lake Compute, you need to specify the data access policy to protect data security.
Directions
Step 1. Create a policy in CAM
Log in to the Tencent Cloud console and select Cloud Access Management. The logged-in account needs to have permissions to configure CAM; therefore, we recommend you use a root account or admin account.
Select Policies on the left sidebar to enter the policy management page. Click Create Custom Policy and select Create by Policy Syntax.
![]()
Search for COS in the policy template and select COS permission templates.
![]()
The preset templates define read-only and read/write permission policies. If they don't meet your needs, create a custom policy template as instructed in Appendix.
Select the template, set a name for the policy, and click Save.
Step 2. Create a service role
- Log in to the Tencent Cloud console and select Cloud Access Management. The logged-in account needs to have permissions to configure CAM; therefore, we recommend you use a root account or admin account.
- Select Role on the left sidebar to enter the role management page. Click Create Role and select Tencent Cloud Product Service.
![]()
- In the Role Entity service list, find and select Data Lake Compete and click Next.
![]()
- In the policy configuration, find and select the policy created in Step 1 and click Next.
- Set a name for the role and click Save.
- After creating the role in Step 2, return to the role list and find the created role.
- Click Role Name to enter the role details page.
![]()
- Find and copy the role arn information.
![]()
- Log in to the Data Lake Compute console with an admin account.
- Select Data job on the left sidebar to enter the data job management page. Click Job configuration and select CAM role arn.
- Click Create role arn.
![]()
- Paste the role arn information obtained in Step 3 in the input box and click Save.
Appendix: Custom Policy Template
If the preset templates cannot meet your data management needs, you can configure a custom template in the following steps.
- Log in to the Tencent Cloud console and select Cloud Access Management. The logged-in account needs to have permissions to configure CAM; therefore, we recommend you use a root account or admin account.
- Select Policies on the left sidebar to enter the policy management page. Click Create Custom Policy and select Create by Policy Generator.
![]()
- Select Allow as Effect and COS as Service. Select the resource scope as needed.
![]()
If you need to manage specific resources, click Add a six-segment resource description to add resources. You can use *
to indicate all the resources. For more information, see Resource Description Method.
- After completing the configuration, set a name for the policy and click Save. You can also select Authorized Users to authorize the policy to existing users.
Was this page helpful?