All Products
Search
Document Center

Grant permissions on offline storage to AIRec

Last Updated: Aug 31, 2021

1. Use scenarios

1.1. Use data in a self-managed data warehouse to start an AIRec instance

  1. Log on to the Artificial Intelligence Recommendation (AIRec) console.

2. Select Historical Data-Based Start mode when you create an AIRec instance. For more information about how to configure data sources to start an AIRec instance, configure real-time data sources, and configure offline data sources, see Use historical data to start an instance

Note:

  1. Before you configure data sources to start an AIRec instance, you must grant permissions to your "1619920497425387" account to read data from MaxCompute. For more information, see "Grant permissions on MaxCompute to AIRec".

  2. Before you configure offline dat"1619920497425387" account to read data from and write data to MaxCompute. For more information, see "Grant permissions on MaxCompute to AIRec".

1.2. Customize recall links

Before you customize recall links, you must grant permissions to your "1619920497425387" account to read data from MaxCompute.

2. Grant permissions on MaxCompute to AIRec

  1. Download and configure the MaxCompute client.

  2. Run the ./bin/odpscmd command to enter the MaxCompute environment.

  3. Perform the following operations to authorize your "1619920497425387" account.

  4. The following table describes permissions that are required for AIRec.

Object

Action

Description

Project

Read

Views information about a project, such as the creation time, which excludes information about objects in the project.

Project

List

Queries all types of objects in a project.

Project

CreateInstance

Creates an instance in a project.

Project

CreateTable

Creates a table in a project.

Table

Describe

Reads metadata from a table.

Table

Select

Reads data from a table.

Table

Alter

Modifies the metadata of a table or creates and deletes a partition.

Table

Update

Overwrites data in a table or inserts data to a table.

For more information about related operations, see Authorize users.

2.1. Add a user

// Add the 1619920497425387 account
add user `ALIYUN$1619920497425387`; 
// Check whether the account is added
list users;

2.2. Grant read permissions to your "1619920497425387" account

// Grant read permissions to your 1619920497425387 account
// Replace [project] with your project
// Replace [table] with your table
grant Read ON PROJECT [project] to user `ALIYUN$1619920497425387`;
grant List ON PROJECT [project] to user `ALIYUN$1619920497425387`;
grant Describe ON TABLE [table] to user `ALIYUN$1619920497425387`;
grant Select ON TABLE [table] to user `ALIYUN$1619920497425387`;

3. Grant write permissions to your 1619920497425387 account

// Grant write permissions to your 1619920497425387 account
// Replace [project] with your project
// Replace [user] with the user that you add
// Replace [table] with your table
grant Read ON PROJECT [project] to user `ALIYUN$1619920497425387`;
grant List ON PROJECT [project] to user `ALIYUN$1619920497425387`;
grant CreateTable ON PROJECT [project] to user `ALIYUN$1619920497425387`;
grant CreateInstance ON PROJECT [project] to user `ALIYUN$1619920497425387`;