Creates a permission request order.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

ParameterTypeRequiredExampleDescription
ActionStringYesCreatePermissionApplyOrder

The operation that you want to perform. Set the value to CreatePermissionApplyOrder.

RegionIdStringYescn-shanghai

The region ID. For example, the ID of the China (Shanghai) region is cn-shanghai, and that of the China (Zhangjiakou) region is cn-zhangjiakou. The system determines the value of this parameter based on the endpoint that is used to call the operation.

ApplyUserIdsStringYes2678426004089****,26784260040899****

The ID of the Alibaba Cloud account for which you want to request permissions. If you want to request permissions for multiple Alibaba Cloud accounts, separate the IDs of the accounts with commas (,).

DeadlineLongNo1617115071885

The expiration time of the permissions that you request. This value is a UNIX timestamp. If you do not specify a value for this parameter, January 1, 2065 is used as the expiration time.

If LabelSecurity is disabled for the MaxCompute project in which you want to request permissions on the fields of a table, or the security level of the fields is 0 or is lower than or equal to the security level of the Alibaba Cloud account for which you want to request permissions, you can request only permanent permissions.

You can go to the Workspace Management page of the DataWorks console, click MaxCompute Management in the left-side navigation pane, and then check whether column-level access control is enabled.

You can go to your DataWorks workspace, view the security level of the fields in DataMap, and then view the security level of the Alibaba Cloud account on the User Management page.

ApplyReasonStringYesI need to use this table

The reason for your request. The administrator determines whether to approve the request based on the reason.

MaxComputeProjectNameStringYesaMaxcomputeProjectName

The name of the MaxCompute project in which you request permissions on the fields of a table.

WorkspaceIdIntegerYes12345

The ID of the DataWorks workspace that is associated with the MaxCompute project in which you want to request permissions on the fields of a table. You can go to the Workspace Management page in the DataWorks console to view the workspace ID.

OrderTypeIntegerNo1

The type of the permission request order. The parameter value is 1 and cannot be changed. This value indicates ACL-based authorization.

EngineTypeStringNoodps

The type of the compute engine instance in which you want to request permissions on the fields of a table. The parameter value is odps and cannot be changed. This value indicates that you can request permissions only on fields of tables in MaxCompute compute engine instances.

ApplyObject.N.ActionsStringYesSelect,Describe

The permission that you want to request. If you want to request multiple permissions at the same time, separate them with commas (,). You can request only the following permissions: Select, Describe, Drop, Alter, Update, and Download.

ApplyObject.N.ColumnMetaList.N.NameStringYesaColumnName

The name of the field on which you want to request permissions. If you want to request permissions on an entire table, enter the names of all fields in the table.

You can request permissions on specific fields of a table in a MaxCompute project only after LabelSecurity is enabled for this project. If LabelSecurity is disabled, you can request permissions only on an entire table.

ApplyObject.N.NameStringYesaTableName

The name of the object on which you want to request permissions. You can request permissions only on MaxCompute tables. Set this parameter to the name of the table on which you want to request permissions.

Response parameters

ParameterTypeExampleDescription
RequestIdString0bc1ec92159376****

The ID of the request.

FlowIdArray of Stringee276e6e-5d34-46d8-b848-bca7879ed233

The ID of the request order. If you request permissions on multiple objects but each object has a different request approver, one request order is generated for each object and is sent to the related approver. In this case, an array is returned.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreatePermissionApplyOrder
&ApplyUserIds=267842600408993176,267842600408993177
&Deadline=1617115071885
&ApplyReason=I need to use this table
&MaxComputeProjectName=aMaxcomputeProjectName
&WorkspaceId=12345
&OrderType=1
&EngineType=odps
&ApplyObject=[{"Actions":"Select,Describe","ColumnMetaList":[{"Name":"aColumnName"}],"Name":"aTableName"}]
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreatePermissionApplyOrderResponse>
    <RequestId>0bc1ec92159376****</RequestId>
    <FlowId>ee276e6e-5d34-46d8-b848-bca7879ed233</FlowId>
</CreatePermissionApplyOrderResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "0bc1ec92159376****",
  "FlowId" : "ee276e6e-5d34-46d8-b848-bca7879ed233"
}

Error codes

For a list of error codes, visit the API Error Center.