This topic describes how to use the SecurityManager.runQuery() method of MaxCompute SDK for Java to run security-related commands on the MaxCompute client.

Prerequisites

The following operations are completed:
  • Install the IntelliJ IDEA development tool. For more information, see Install IntelliJ IDEA.
  • Create a MaxCompute Studio project and connect it to your MaxCompute project. For more information, see Manage project connections.
  • Add project dependencies in MaxCompute Studio.
    The SecurityManager class is contained in the odps-sdk-core package. Therefore, you must add project dependencies by using the following configuration:
    <dependency>
      <groupId>com.aliyun.odps</groupId>
      <artifactId>odps-sdk-core</artifactId>
      <version>0.29.11-oversea-public</version>
    </dependency>

Background information

You can run security-related commands by using one of the following methods:
  • Use the MaxCompute client. For more information, see the instructions in Target users and Security configuration of a project.
    The commands that start with any of the following keywords are the security-related commands of MaxCompute:
    GRANT/REVOKE ...
    SHOW  GRANTS/ACL/PACKAGE/LABEL/ROLE/PRINCIPALS
    SHOW  PRIV/PRIVILEGES
    LIST/ADD/REOVE  USERS/ROLES/TRUSTEDPROJECTS
    DROP/CREATE   ROLE
    CLEAR EXPIRED  GRANTS
    DESC/DESCRIBE   ROLE/PACKAGE
    CREATE/DELETE/DROP  PACKAGE
    ADD ... TO  PACKAGE
    REMOVE ... FROM  PACKAGE
    ALLOW/DISALLOW  PROJECT
    INSTALL/UNINSTALL  PACKAGE
    LIST/ADD/REMOVE   ACCOUNTPROVIDERS
    SET  LABLE  ...
  • Use the SecurityManager.runQuery() method of MaxCompute SDK for Java. For more information, see the MaxCompute SDK for Java documentation.
    Note The security-related commands of MaxCompute are not SQL commands. Therefore, you cannot create instances to run security-related commands by using SQLTask.

Procedure

  1. Run the following command to create a test table named test_label:
    CREATE TABLE IF NOT EXISTS test_label(
     key  STRING,
     value BIGINT
    );
  2. Run the following Java code in MaxCompute Studio to run the set label command on the test_label table. For more information about how to use MaxCompute Studio, see Overview.
    import com.aliyun.odps.Column;
    import com.aliyun.odps.Odps;
    import com.aliyun.odps.OdpsException;
    import com.aliyun.odps.OdpsType;
    import com.aliyun.odps.TableSchema;
    import com.aliyun.odps.account.Account;
    import com.aliyun.odps.account.AliyunAccount;
    import com.aliyun.odps.security.SecurityManager;
    public class test {
      public static void main(String [] args) throws OdpsException {
        try {
          // init odps
          Account account = new AliyunAccount("<your_accessid>", "<your_accesskey>");
          Odps odps = new Odps(account);
          odps.setEndpoint("http://service-corp.odps.aliyun-inc.com/api");
          odps.setDefaultProject("<your_project>");
          // set label 2 to table columns
          SecurityManager securityManager = odps.projects().get().getSecurityManager();
          String res = securityManager.runQuery("SET LABEL 2 TO TABLE test_label(key, value);", false);
          System.out.println(res);
        } catch (OdpsException e) {
          e.printStackTrace();
        }
      }
    }
  3. View the result.
  4. Verify the result.
    After the Java code is run, run the desc test_label command on the MaxCompute client. In this example, the result in the following figure shows that the set label command has taken effect on the test_label table.
    Note For more information about security-related commands in MaxCompute, see Authorize users, Column-level access control, Project security configurations, and Package-based resource sharing across projects.