Super_Administrator and Admin are built-in administrator roles in MaxCompute. To improve authorization efficiency, you can directly assign a built-in administrator role to a user. This way, the user is granted all permissions of this role. This topic describes how to assign a built-in administrator role to a user.

Background information

The following table describes the built-in administrator roles provided by MaxCompute.

Built-in role Assigned by How to assign
Project-level Super_Administrator role Project owner
Project-level Admin role
Note

The tenant-level Super_Administrator and Admin roles have not only administrative permissions but also the permissions to use all objects. Exercise caution when you assign the roles to accounts. We recommend that you assign the roles only to accounts that are used for global management.

Assign a role by using the MaxCompute client

For example, the user whose Alibaba Cloud account is Bob@aliyun.com is the owner of the test_project_a project, and user Allen is a RAM user that belongs to Bob@aliyun.com. To assign the Super_Administrator role to the RAM user Allen, perform the following steps:

  1. Enter the test_project_a project by using the Alibaba Cloud account Bob@aliyun.com.
    use test_project_a;
  2. Add the RAM user Allen to the test_project_a project.
    add user RAM$Bob@aliyun.com:Allen;
  3. Assign the Super_Administrator role to the RAM user Allen.
    grant super_administrator TO RAM$Bob@aliyun.com:Allen;

Assign a role by using DataWorks

For example, the user whose Alibaba Cloud account is Bob@aliyun.com is the owner of the test_project_a project, and user Allen is a RAM user that belongs to Bob@aliyun.com. To assign the Super_Administrator role to the RAM user Allen, perform the following steps:

  1. Go to the Workspace Management page of DataWorks. In the upper-left corner of the Workspace Management page, select the workspace in which you want to assign a role from the drop-down list.
  2. Add the RAM user Allen as a workspace member.
    1. In the left-side navigation pane, click User Management to go to the User Management page.
    2. In the upper-right corner, click Add Member.
    3. In the Add Member dialog box, select the member that you want to add from the Available Accounts section and click the rightwards arrow to add the member to the Added Accounts section.
    4. Select roles for the member and click Confirm.
  3. Assign the Super_Administrator or Admin role to the RAM user Allen.
    1. In the left-side navigation pane, click Maxcompute Management.
    2. In the navigation tree, click Custom User Roles.
    3. Find the role that you want to assign to the user and click Manage Members in the Actions column. In the Manage Members dialog box, select the member that you want to add from the Available Accounts section and click the rightwards arrow to add the member to the Added Accounts section.
    4. Click Confirm.