This topic describes how to use the SecurityManager.runQuery() method of the MaxCompute Java SDK to run security-related commands in MaxCompute Console.

Background

You can run security-related commands in either of the following ways:
  • Use MaxCompute Client. For more information, see instructions in Target users and Security command list.
    The commands that start with the following keywords are the security-related commands of MaxCompute:
    GRANT/REVOKE ...
    SHOW  GRANTS/ACL/PACKAGE/LABEL/ROLE/PRINCIPALS
    SHOW  PRIV/PRIVILEGES
    LIST/ADD/REMOVE  USERS/ROLES/TRUSTEDPROJECTS
    DROP/CREATE   ROLE
    CLEAR EXPIRED  GRANTS
    DESC/DESCRIBE   ROLE/PACKAGE
    CREATE/DELETE/DROP  PACKAGE
    ADD ... TO  PACKAGE
    REMOVE ... FROM  PACKAGE
    ALLOW/DISALLOW  PROJECT
    INSTALL/UNINSTALL  PACKAGE
    LIST/ADD/REMOVE   ACCOUNTPROVIDERS
    SET  LABLE  ...
  • Use the SecurityManager.runQuery() method of the Java SDK. For more information, see the MaxCompute Java SDK documentation.
    Note The security-related commands of MaxCompute are not SQL commands. Therefore, you cannot create instances to run them by using SQLTask.

Prerequisites

Before using the Java SDK to run security-related commands, you need to ensure that the following preparations are made:
  1. The IntelliJ IDEA development tool is installed. For more information, see Install IntelliJ IDEA.
  2. Your AccessKey ID and AccessKey secret are obtained.
    To obtain the AccessKey ID and AccessKey secret, you can log on to the Alibaba Cloud console, move the pointer over the avatar in the upper-right corner, and then select accesskeys from the drop-down menu to go to the AccessKey management page, as shown in the following figure.
  3. Endpoints are configured. For more information, seeConfigure endpoints .
  4. A project <your_project> is created. Project space connection management for this project by using MaxCompute Studio in IntelliJ IDEA.
  5. Project dependencies are added in MaxCompute Studio.

    The SecurityManager class is contained in the odps-sdk-core package. Therefore, you need to add project dependencies as follows:

    <dependency>
      <groupId>com.aliyun.odps</groupId>
      <artifactId>odps-sdk-core</artifactId>
      <version>0.29.11-oversea-public</version>
    </dependency>
After the preceding preparations are made, you can start to run security-related commands. For example, to set the access level of columns in the test_label table to 2, you can run the following command:
SET LABEL 2 TO TABLE test_label(key, value);

Procedure

  1. Run the following command to create the test table test_label:
    CREATE TABLE IF NOT EXISTS test_label(
     key  STRING,
     value BIGINT
    );
  2. Test the code.
    • Run the following Java code:
      import com.aliyun.odps.Column;
      import com.aliyun.odps.Odps;
      import com.aliyun.odps.OdpsException;
      import com.aliyun.odps.OdpsType;
      import com.aliyun.odps.TableSchema;
      import com.aliyun.odps.account.Account;
      import com.aliyun.odps.account.AliyunAccount;
      import com.aliyun.odps.security.SecurityManager;
      public class test {
        public static void main(String [] args) throws OdpsException {
          try {
            // init odps
            Account account = new AliyunAccount("<your_accessid>", "<your_accesskey>");
            Odps odps = new Odps(account);
            odps.setEndpoint("http://service-corp.odps.aliyun-inc.com/api");
            odps.setDefaultProject("<your_project>");
            // set label 2 to table columns
            SecurityManager securityManager = odps.projects().get().getSecurityManager();
            String res = securityManager.runQuery("SET LABEL 2 TO TABLE test_label(key, value);", false);
            System.out.println(res);
          } catch (OdpsException e) {
            e.printStackTrace();
          }
        }
      }
    • View the result.
  3. Verify the result.
    After running the code, run the desc test_label command in MaxCompute Console. For example, the result in the following figure shows that the set label command has taken effect.结果

    You can use the Java SDK to run other security-related commands.

References

For more information about security-related commands and relevant operations, see Authorize users, Manage permissions by row, Security configurations, and Resource sharing across projects based on package.