This topic describes how to manage permissions by using a RAM user.
An enterprise has purchased multiple Alibaba Cloud services such as MaxCompute. All
the services share one Alibaba Cloud account. MaxCompute users are not responsible
for the Alibaba Cloud account management. They manage permissions on MaxCompute projects
by using RAM users. For example, a MaxCompute user can run the
add user command to add a RAM user and run the
grant xx on project/table command to authorize the RAM user.
- By default, the owner of a MaxCompute project must be an Alibaba Cloud account, and only the project owner can manage permissions on the MaxCompute project.
- After you Create an Alibaba Cloud account and create a project, the project owner is still the Alibaba Cloud account.
- In DataWorks, a RAM user is granted a project administrator or security administrator role. A RAM user only has the operation permissions on DataWorks workspaces, but does not have the permissions to manage MaxCompute projects. For more information, see Permission relationship between MaxCompute and DataWorks.
-- For example, the Alibaba Cloud account is email@example.com, and the RAM user used for routine permission management is Allen. -- Grant Allen the Admin role. grant admin TO firstname.lastname@example.org:Allen; -- Grant Allen the Super_Administrator role. grant Super_Administrator TO email@example.com:Allen;