All Products
Search
Document Center

Service-linked role for DataHub

Last Updated: Aug 09, 2021

AliyunServiceRoleForDataHub is the service-linked role for DataHub. This topic describes the scenarios of the service-linked role and how to delete the service-linked role.

Service-linked role for DataHub

AliyunServiceRoleForDataHub is the service-linked role for DataHub. This topic describes the scenarios of the service-linked role and how to delete the service-linked role.

Background information

The service-linked role for DataHub is a RAM role that is used to obtain the permissions to access Object Storage Service (OSS), Tablestore (OTS), or Function Compute when you synchronize data from DataHub to OSS, OTS, or Function Compute. For more information, see Service-linked roles.

Scenarios

When you synchronize data from DataHub to OSS, OTS, or Function Compute, the service-linked role for DataHub is required to access OSS, OTS, or Function Compute.

Service-linked role for DataHub

Role name: AliyunServiceRoleForDataHub

Policy of the role: AliyunServiceRolePolicyForDataHub

The following code describes the permissions of the service-linked role for DataHub:

{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "log:GetLogStore",
        "log:ListLogStores",
        "log:CreateLogStore",
        "log:DeleteLogStore",
        "log:UpdateLogStore",
        "log:GetCursorOrData",
        "log:ListShards",
        "log:PostLogStoreLogs",
        "log:CreateConfig",
        "log:UpdateConfig",
        "log:DeleteConfig",
        "log:GetConfig",
        "log:ListConfig",
        "log:CreateMachineGroup",
        "log:UpdateMachineGroup",
        "log:DeleteMachineGroup",
        "log:GetMachineGroup",
        "log:ListMachineGroup",
        "log:ListMachines",
        "log:ApplyConfigToGroup",
        "log:RemoveConfigFromGroup",
        "log:GetAppliedMachineGroups",
        "log:GetAppliedConfigs",
        "log:GetShipperStatus",
        "log:RetryShipperTask",
        "log:CreateConsumerGroup",
        "log:UpdateConsumerGroup",
        "log:DeleteConsumerGroup",
        "log:ListConsumerGroup",
        "log:ConsumerGroupUpdateCheckPoint",
        "log:ConsumerGroupHeartBeat",
        "log:GetConsumerGroupCheckPoint"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "fc:InvokeFunction",
        "fc:GetFunction"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "oss:GetObject",
        "oss:PutObject",
        "oss:ListObjects",
        "oss:GetBucketAcl"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ots:ListTable",
        "ots:DescribeTable",
        "ots:GetRow",
        "ots:PutRow",
        "ots:UpdateRow",
        "ots:DeleteRow",
        "ots:GetRange",
        "ots:BatchGetRow",
        "ots:BatchWriteRow"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "datahub.aliyuncs.com"
        }
      }
    }
  ]
}

Delete the service-linked role for DataHub

Before you delete service-linked role for DataHub, you must delete DataConnectors that depend on the service-linked role.

  • For more information about how to delete a DataConnector, see Delete a DataConnector.

  • For more information about how to delete a service-linked role, see the "Delete a service-linked role" section of the Service-linked roles topic.

Create the service-linked role for DataHub as a RAM user

If you want to create the service-linked role for DataHub as a RAM user, you must attach the CreateServiceLinkedRole policy to the RAM user. The following code describes the policy:

{
    "Statement": [
        {
            "Action": "ram:CreateServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": [                      
                        "datahub.aliyuncs.com"
                    ]
                }
            }
        }
    ],
    "Version": "1"
}