DataWorks Data Integration supports authorization based on RAM roles. This topic describes how to obtain the RAM roles related to DataWorks Data Integration, delete the service linked role of DataWorks Data Integration, and allow a RAM user to create the service linked role of DataWorks Data Integration.

Scenarios

When you create a connection, for example, a connection to an Object Storage Service (OSS) bucket, you can specify DataWorks Data Integration to assume a custom RAM role to connect to the OSS bucket.

You must specify DataWorks Data Integration to assume the service linked role AliyunServiceRoleForDataWorksDI to obtain custom RAM roles.

Role description

  • Role name: AliyunServiceRoleForDataWorksDI
  • Policy name: AliyunServiceRolePolicyForDataWorksDI
  • Permission description: This policy grants DataWorks Data Integration the permission to obtain custom RAM roles.
  • Role description: DataWorks Data Integration can assume this role to obtain custom RAM roles.
{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ram:ListRoles",
                "ram:GetRole"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Delete the AliyunServiceRoleForDataWorksDI role

You can delete the AliyunServiceRoleForDataWorksDI role at any time. If you delete this role, you cannot select RAM roles when you create a connection. For more information, see Delete a service linked role.

Permissions required for a RAM user to create the service linked role

To allow a RAM user to create the service linked role AliyunServiceRoleForDataWorksDI, you must attach the DataWorksFullAccess policy or the following policy to the RAM user:
{
    "Version": "1",
    "Statement": [
        {
            "Action": "dataworks:*",
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:CreateServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "di.dataworks.aliyuncs.com"
                }
            }
        }
    ]
}