All Products
Search
Document Center

DataWorks:Permissions of built-in workspace-level roles

Last Updated:Dec 27, 2023

DataWorks provides the following built-in workspace-level roles: Workspace Owner, Workspace Administrator, Data Analyst, Development, O&M, Deploy, Visitor, Security Manager, and Model Designer. This topic describes the permissions of these roles.

By default, the built-in workspace-level roles provided by DataWorks have read permissions on all workspace-level services. The management and operation permissions of different built-in workspace-level roles on workspace-level services vary. The following table describes the built-in workspace-level roles and the permissions of each built-in workspace-level role on workspace-level services.

Role

Description

Workspace Owner

This role has all permissions on a workspace. In most cases, the owner of a workspace is an Alibaba Cloud account. For example, the Workspace Owner role can assign a role to a RAM user and remove a member that is not the owner of a workspace from the workspace.

Workspace Administrator

This role has all permissions of the Development and O&M roles. This role also has permissions to perform operations such as adding a user to a workspace as a member, removing a member from a workspace, and creating a custom resource group.

Data Analyst

This role has permissions only on DataAnalysis. For more information about DataAnalysis, see Overview.

Development

This role has permissions to perform design and maintenance operations on the DataStudio page of a workspace.

O&M

This role has permissions to manage the running of all tasks and perform the required operations on all tasks in a workspace in Operation Center.

Deploy

This role has permissions to review the code of a task and determine whether to commit the task to Operation Center in a workspace in standard mode.

Visitor

This role has read-only permissions on workflows and code on the DataStudio page.

Security Manager

This role has permissions only on Data Security Guard. For more information about Data Security Guard, see Overview.

Model Designer

This role has permissions to view models and modify parameter configurations in Data Warehouse Planning, Data Standard, Dimensional Modeling, and Data Metric. This role does not have permissions to publish models.

The tables in the following sections describe the permissions of different built-in workspace-level roles on workspace-level services. In the tables, Yes indicates that a role has the specified permission, and No indicates that a role does not have the specified permission.

The built-in workspace-level roles also have specified permissions on the data of a MaxCompute compute engine instance. For more information, see Manage permissions on data in a MaxCompute compute engine instance.

Note

Data management

Permission

Workspace Owner

Workspace Administrator

Data Analyst

Development

O&M

Deploy

Visitor

Security Manager

Model Designer

Delete a self-created table

Yes

Yes

No

Yes

No

No

No

No

No

Configure a category for a self-created table

Yes

Yes

No

Yes

No

No

No

No

No

View a favorite table

Yes

Yes

No

Yes

No

No

No

No

No

Create a table in visualized mode

Yes

Yes

No

Yes

No

No

No

No

No

Show a self-created table

Yes

Yes

No

Yes

No

No

No

No

No

Modify the schema of a self-created table

Yes

Yes

No

Yes

No

No

No

No

No

View a self-created table

Yes

Yes

No

Yes

No

No

No

No

No

View the content of a self-submitted permission request

Yes

Yes

No

Yes

No

No

No

No

No

Hide a self-created table

Yes

Yes

No

Yes

No

No

No

No

No

Configure the time to live (TTL) for a self-created table

Yes

Yes

No

Yes

No

No

No

No

No

Request permissions on a table created by other users

Yes

Yes

No

Yes

No

No

No

No

No

Update a table in the development environment

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Delete a table in the development environment

Yes

Yes

No

Yes

No

No

No

No

No

Preview data

Yes

Yes

No

Yes

Yes

Yes

Yes

Yes

No

Deployment management

Permission

Workspace Owner

Workspace Administrator

Data Analyst

Development

O&M

Deploy

Visitor

Security Manager

Model Designer

Create a deployment package

Yes

Yes

No

Yes

Yes

No

No

No

No

View the list of deployment packages

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Delete a deployment package

Yes

Yes

No

Yes

Yes

No

No

No

No

Deploy tasks in a deployment package

Yes

Yes

No

No

Yes

Yes

No

No

No

View the content of a deployment package

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Button control

Permission

Workspace Owner

Workspace Administrator

Data Analyst

Development

O&M

Deploy

Visitor

Security Manager

Model Designer

Stop

Yes

Yes

No

Yes

No

No

No

No

No

Format

Yes

Yes

No

Yes

No

No

No

No

No

Edit

Yes

Yes

No

Yes

No

No

No

No

No

Run

Yes

Yes

No

Yes

No

No

No

No

No

Zoom in

Yes

Yes

No

Yes

No

No

No

No

No

Save

Yes

Yes

No

Yes

No

No

No

No

No

Show/Hide

Yes

Yes

No

Yes

No

No

No

No

No

Delete

Yes

Yes

No

Yes

No

No

No

No

No

Code development

Permission

Workspace Owner

Workspace Administrator

Data Analyst

Development

O&M

Deploy

Visitor

Security Manager

Model Designer

Save and commit the code of a task

Yes

Yes

No

Yes

No

No

No

No

No

View the code of a task

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Write the code of a task

Yes

Yes

No

Yes

No

No

No

No

No

Delete the code of a task

Yes

Yes

No

Yes

No

No

No

No

No

View the code of tasks

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Run the code of a task

Yes

Yes

No

Yes

No

No

No

No

No

Modify the code of a task

Yes

Yes

No

Yes

No

No

No

No

No

Download a file

Yes

Yes

No

No

No

No

No

No

No

Upload a file

Yes

Yes

No

Yes

No

No

No

No

No

Function development

Permission

Workspace Owner

Workspace Administrator

Data Analyst

Development

O&M

Deploy

Visitor

Security Manager

Model Designer

View details of a function

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Create a function

Yes

Yes

No

Yes

No

No

No

No

No

Query a function

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Delete a function

Yes

Yes

No

Yes

No

No

No

No

No

Node type selection

Permission

Workspace Owner

Workspace Administrator

Data Analyst

Development

O&M

Deploy

Visitor

Security Manager

Model Designer

PAI

Yes

Yes

No

Yes

No

No

No

No

No

MR

Yes

Yes

No

Yes

No

No

No

No

No

CDP

Yes

Yes

No

Yes

No

No

No

No

No

SQL

Yes

Yes

No

Yes

No

No

No

No

No

XLIB

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Shell

Yes

Yes

No

Yes

No

No

No

No

No

Zero load

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

script_seahawks

Yes

Yes

No

Yes

No

No

No

No

No

dtboost_analytic

Yes

Yes

No

Yes

No

No

No

No

No

dtboost_recommend

Yes

Yes

No

Yes

No

No

No

No

No

PyODPS

Yes

Yes

No

Yes

No

No

No

No

No

AnalyticDB for PostgreSQL

Yes

Yes

No

Yes

No

No

No

No

No

AnalyticDB for MySQL

Yes

Yes

No

Yes

No

No

No

No

No

HTTP Trigger

Yes

Yes

No

Yes

No

No

No

No

No

Resource management

Permission

Workspace Owner

Workspace Administrator

Data Analyst

Development

O&M

Deploy

Visitor

Security Manager

Model Designer

View the list of resources

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Delete a resource

Yes

Yes

No

Yes

No

No

No

No

No

Create a resource

Yes

Yes

No

Yes

No

No

No

No

No

Upload a JAR file

Yes

Yes

No

Yes

No

No

No

No

No

Upload a text file

Yes

Yes

No

Yes

No

No

No

No

No

Upload an archive file

Yes

Yes

No

Yes

No

No

No

No

No

Workflow development

Permission

Workspace Owner

Workspace Administrator

Data Analyst

Development

O&M

Deploy

Visitor

Security Manager

Model Designer

Run or stop a workflow

Yes

Yes

No

Yes

No

No

No

No

No

Save a workflow

Yes

Yes

No

Yes

No

No

No

No

No

View a workflow

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Commit the code of a node

Yes

Yes

No

Yes

No

No

No

No

No

Modify a workflow

Yes

Yes

No

Yes

No

No

No

No

No

View the list of workflows

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Change the owner of a workflow

Yes

Yes

No

No

No

No

No

No

No

View the code of a node

Yes

Yes

No

Yes

No

No

No

No

No

Delete a workflow

Yes

Yes

No

Yes

No

No

No

No

No

Create a workflow

Yes

Yes

No

Yes

No

No

No

No

No

Create a folder

Yes

Yes

No

Yes

No

No

No

No

No

Delete a folder

Yes

Yes

No

Yes

No

No

No

No

No

Modify a folder

Yes

Yes

No

Yes

No

No

No

No

No

Data Integration

Permission

Workspace Owner

Workspace Administrator

Data Analyst

Development

O&M

Deploy

Visitor

Security Manager

Model Designer

Edit a node

Yes

Yes

No

Yes

No

No

No

No

No

View a node

Yes

Yes

No

Yes

No

No

No

No

No

Delete a node

Yes

Yes

No

Yes

No

No

No

No

No

Access the menu for managing data synchronization resources

Yes

Yes

No

Yes

Yes

Yes

No

No

No

View the list of resource groups for data synchronization

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Create a resource group for data synchronization

Yes

Yes

No

Yes

Yes

Yes

No

No

No

View the list of Elastic Compute Service (ECS) instances in a resource group for data synchronization

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Add an ECS instance to a resource group for data synchronization

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Remove an ECS instance from a resource group for data synchronization

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Modify an ECS instance in a resource group for data synchronization

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Obtain the AccessKey pair for accessing a resource group for data synchronization

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Delete a resource group for data synchronization

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Monitor resource consumption

Yes

Yes

No

No

No

No

No

No

No

Change the resource group for tasks in Operation Center

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Access the menu for managing synchronization tasks

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Switch to the code editor

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Obtain the list of members in a workspace

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Call the API operation for writing the code of a task

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Call the API operation for saving or updating the code of a task

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Call the API operation for obtaining the code of a task based on the file ID

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Obtain the list of Data Integration nodes

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Call the API operation for querying a table

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Call the API operation for querying a field

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Call the API operation for querying data sources

Yes

Yes

No

Yes

Yes

Yes

Yes

No

No

Call the API operation for adding a data source

Yes

Yes

No

No

Yes

No

No

No

No

Call the API operation for querying the details of a data source

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Call the API operation for updating a data source

Yes

Yes

No

No

Yes

No

No

No

No

Call the API operation for deleting a data source

Yes

Yes

No

No

Yes

No

No

No

No

Test network connectivity

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Preview data

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Check whether the Stream feature is enabled for a Tablestore table

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Activate Tablestore

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Query the statement used to create a MaxCompute table

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Create a MaxCompute table

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Query the creation status of a MaxCompute table

Yes

Yes

No

Yes

Yes

Yes

No

No

No

Migrate database tables

Yes

Yes

No

No

No

No

No

No

No

Data Modeling

Permission

Workspace Owner

Workspace Administrator

Data Analyst

Development

O&M

Deploy

Visitor

Security Manager

Model Designer

View a model

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Edit a model

Yes

Yes

No

Yes

Yes

No

No

No

Yes

Publish a model

Yes

Yes

No

No

Yes

No

No

No

No

DataAnalysis

Permission

Workspace Owner

Workspace Administrator

Data Analyst

Development

O&M

Deploy

Visitor

Security Manager

Model Designer

Access pages in DataAnalysis

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Use DataAnalysis

Yes

Yes

Yes

Yes

Yes

Yes

No

Yes

Yes

Note

By default, a custom role does not have the permissions of the Data Analyst role. If you want to use DataAnalysis by assuming a custom role, you can ask a user with the Workspace Administrator role to assign the Data Analyst role to you. For more information about how to assign a role to a workspace member, see Manage permissions on workspace-level services. For more information about custom roles, see Permissions of workspace-level roles.