This topic describes how to manage permissions by using a RAM user.
An enterprise has purchased multiple Alibaba Cloud services such as MaxCompute. All the services share one Alibaba Cloud account. MaxCompute users are not responsible for the management of this Alibaba Cloud account. They manage permissions on MaxCompute projects by using RAM users. For example, a MaxCompute user can run the
add user command to add a RAM user and run the
grant xx on project/table command to authorize the RAM user.
- By default, the owner of a MaxCompute project must be an Alibaba Cloud account, and only the project owner can manage permissions on the MaxCompute project.
- After you activate MaxCompute by using a RAM user and create a project, the project owner is still the Alibaba Cloud account.
- In DataWorks, a RAM user is granted a project administrator or security administrator role. A RAM user only has the operation permissions on DataWorks workspaces, but does not have the permissions to manage MaxCompute projects. For more information, see Permission relationships between MaxCompute and DataWorks.
-- For example, the Alibaba Cloud account is firstname.lastname@example.org, and the RAM user used for routine permission management is Allen. -- Grant Allen the Admin role. grant admin TO email@example.com:Allen; -- Grant Allen the Super_Administrator role. grant Super_Administrator TO firstname.lastname@example.org:Allen;