AliyunServiceRoleForDataHub is the service-linked role for DataHub. This topic describes the scenarios of the service-linked role and how to delete the service-linked role.
Service-linked role for DataHub
AliyunServiceRoleForDataHub is the service-linked role for DataHub. This topic describes the scenarios of the service-linked role and how to delete the service-linked role.
Background information
The service-linked role for DataHub is a RAM role that is used to obtain the permissions to access Object Storage Service (OSS), Tablestore (OTS), or Function Compute when you synchronize data from DataHub to OSS, OTS, or Function Compute. For more information, see Service-linked roles.
Scenarios
When you synchronize data from DataHub to OSS, OTS, or Function Compute, the service-linked role for DataHub is required to access OSS, OTS, or Function Compute.
Service-linked role for DataHub
Role name: AliyunServiceRoleForDataHub
Policy of the role: AliyunServiceRolePolicyForDataHub
The following code describes the permissions of the service-linked role for DataHub:
{
"Version": "1",
"Statement": [
{
"Action": [
"log:GetLogStore",
"log:ListLogStores",
"log:CreateLogStore",
"log:DeleteLogStore",
"log:UpdateLogStore",
"log:GetCursorOrData",
"log:ListShards",
"log:PostLogStoreLogs",
"log:CreateConfig",
"log:UpdateConfig",
"log:DeleteConfig",
"log:GetConfig",
"log:ListConfig",
"log:CreateMachineGroup",
"log:UpdateMachineGroup",
"log:DeleteMachineGroup",
"log:GetMachineGroup",
"log:ListMachineGroup",
"log:ListMachines",
"log:ApplyConfigToGroup",
"log:RemoveConfigFromGroup",
"log:GetAppliedMachineGroups",
"log:GetAppliedConfigs",
"log:GetShipperStatus",
"log:RetryShipperTask",
"log:CreateConsumerGroup",
"log:UpdateConsumerGroup",
"log:DeleteConsumerGroup",
"log:ListConsumerGroup",
"log:ConsumerGroupUpdateCheckPoint",
"log:ConsumerGroupHeartBeat",
"log:GetConsumerGroupCheckPoint"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"fc:InvokeFunction",
"fc:GetFunction"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oss:GetObject",
"oss:PutObject",
"oss:ListObjects",
"oss:GetBucketAcl"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ots:ListTable",
"ots:DescribeTable",
"ots:GetRow",
"ots:PutRow",
"ots:UpdateRow",
"ots:DeleteRow",
"ots:GetRange",
"ots:BatchGetRow",
"ots:BatchWriteRow"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:DeleteServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": "datahub.aliyuncs.com"
}
}
}
]
}Delete the service-linked role for DataHub
Before you delete service-linked role for DataHub, you must delete DataConnectors that depend on the service-linked role.
For more information about how to delete a DataConnector, see Delete a DataConnector.
For more information about how to delete a service-linked role, see the "Delete a service-linked role" section of the Service-linked roles topic.
Create the service-linked role for DataHub as a RAM user
If you want to create the service-linked role for DataHub as a RAM user, you must attach the CreateServiceLinkedRole policy to the RAM user. The following code describes the policy:
{
"Statement": [
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"datahub.aliyuncs.com"
]
}
}
}
],
"Version": "1"
}