Authorize DLA to delete OSS files

Last Updated: Oct 11, 2019

This topic describes how to authorize Data Lake Analytics (DLA) to delete Object Storage Service (OSS) files.

Step 1: Create a custom authorization policy.

  1. Log on to the Resource Access Management (RAM) console with your DLA account.

  2. In the left-side navigation pane, choose Policies. On the Policies page, click Create Policy. On the Create Custom Policy page, configure the parameters as follows:

    • Configuration Mode: Select Script.

    • Policy Document: Copy and paste the following content into the text box. Replace <your-bucket-name> with the name of your OSS bucket. If you require DLA permissions at a finer granularity, enter the full path of the OSS file that you want to delete.

      {
        "Version": "1",
        "Statement": [
          {
            "Action": [
              "oss:DeleteObject"
            ],
            "Resource": "acs:oss:*:*:<your-bucket-name>/*",
            "Effect": "Allow"
          }
        ]
      }
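
A pre-flight check for the policy script above, as an added example that is not part of the original page or of Alibaba Cloud's tooling: it confirms that the script grants only oss:DeleteObject, that the placeholder was replaced, and that every resource stays inside one bucket. The function names, the bucket name example-bucket, and the sample policies are constructed for illustration.

```python
import json

ALLOWED_ACTIONS = {"oss:DeleteObject"}  # the only action the page's policy grants

def as_list(value):
    """RAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_delete_policy(policy_text, bucket):
    """Return findings for a policy script; an empty list means it is scoped as intended."""
    try:
        doc = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["policy document is not a JSON object"]
    findings = []
    if doc.get("Version") != "1":
        findings.append('Version is not "1"')
    # The trailing slash stops "example-bucket" from matching "example-bucket-2".
    prefix = f"acs:oss:*:*:{bucket}/"
    for i, stmt in enumerate(doc.get("Statement") or []):
        if stmt.get("Effect") != "Allow":
            findings.append(f"statement {i}: Effect is not Allow")
        for action in as_list(stmt.get("Action")):
            if action not in ALLOWED_ACTIONS:
                findings.append(f"statement {i}: unexpected action {action}")
        for res in as_list(stmt.get("Resource")):
            if "<" in res or ">" in res:
                findings.append(f"statement {i}: placeholder not replaced in {res}")
            elif not res.startswith(prefix):
                findings.append(f"statement {i}: {res} is outside bucket {bucket}")
    if not doc.get("Statement"):
        findings.append("Statement is missing or empty")
    return findings

def make_policy(actions, resource):
    """Build a constructed sample policy in the shape shown on this page."""
    return json.dumps({"Version": "1", "Statement": [
        {"Action": actions, "Resource": resource, "Effect": "Allow"}]})

# Constructed samples: the unedited template, a scoped policy, an over-broad one.
TEMPLATE = make_policy(["oss:DeleteObject"], "acs:oss:*:*:<your-bucket-name>/*")
SCOPED = make_policy(["oss:DeleteObject"], "acs:oss:*:*:example-bucket/tmp/old.csv")
BROAD = make_policy(["oss:*"], "acs:oss:*:*:*")

if __name__ == "__main__":
    for name, text in [("template", TEMPLATE), ("scoped", SCOPED), ("broad", BROAD)]:
        print(name, audit_delete_policy(text, "example-bucket") or "OK")
```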


Step 2: Grant the authorization policy to the role of DLA.

  1. In the left-side navigation pane, choose RAM Roles. On the RAM Roles page, find the target RAM role AliyunOpenAnalyticsAccessingOSSRole.


  2. Click the role name. On the Permissions tab that appears by default, click Add Permissions.


  3. On the Add Permissions page, select Custom Policy from the drop-down list, locate the policy created in Step 1, grant the policy to the DLA role (AliyunOpenAnalyticsAccessingOSSRole), and click OK.
