This topic describes the responsibilities and permissions of a workspace administrator. By default, the Alibaba Cloud account that creates a workspace is the owner and administrator of the workspace and has full permissions on the workspace.
The owner can also specify a Resource Access Management (RAM) user as a workspace administrator.
Create a workspace
Add workspace members
To guarantee stability and security of the production environment, DataWorks does not allow RAM users to perform operations on tables in the production environment by default. For example, RAM users cannot modify or delete tables in the production environment. In addition, workspace members must be authorized to commit nodes.
When creating a workspace, you must first specify whether to use your Alibaba Cloud account or a RAM user to run nodes in the workspace. An incorrect setting will damage the permission system of DataWorks.
- Alibaba Cloud account: The AccessKey of your Alibaba Cloud account is used to run SQL statements. The SQL statements can be run on tables in all workspaces in the specified region. Exercise caution when you select this option.
- RAM user: The AccessKey of a RAM user is used to run SQL statements. The permissions of RAM users are strictly controlled. Only authorized RAM users can perform operations on tables in the production environment.
- Data Integration: Only the administrator and owner of a workspace can perform operations such as adding connections and synchronizing tables in the workspace.
- :MaxCompute Management A workspace administrator can bind a resource group to the workspace. Then administration experts can view the system status, allocate resources, and monitor nodes in MaxCompute CU Management.
- Operation Center: Only workspace administrators and administrator experts can perform operations in Operation Center.
We recommend that you grant the least roles to each RAM user to guarantee data security.