The data access control feature provides a visual interface that allows you to request permissions, process requests, view request processing progress, follow up request processing, and audit and manage permissions.

Limits

You can use the data access control feature to request only permissions on MaxCompute tables.

Precautions

The Data access control page displays the access control platform of the new version. If you want to use the access control platform of the old version, click Return to old version in the top navigation bar of the page. For more information about the access control platform of the old version, see Overview.

Go to the Data access control page

  1. Log on to the DataWorks console.
  2. In the left-side navigation pane, click Workspaces.
  3. After you select the region in which the workspace that you want to manage resides, find the workspace and click Data Analytics in the Actions column.
  4. In the upper-left corner of the page that appears, click the Icon icon and choose All Products > Data governance > Security Center. The Data access control page appears.

Request permissions

  1. Go to the Permission application tab.
  2. Select the tables on which you want to request permissions.
    1. In the Application Content section, configure the Workspace and Project parameters.

      You can use the data access control feature to request only permissions on MaxCompute tables.

      The default value of the Application Type parameter is Table and that of the Engine type parameter is MaxCompute.
    2. Select the tables on which you want to request permissions below the Table to be added search box.
      After you select tables, the information of the tables is displayed on the right. You can click the Show icon on the left side of a table name to view all the fields in the table. You can request the permissions on some or all fields. By default, the permissions on all fields are requested. Request permissions on tables
  3. In the Application information section, configure the parameters.
    Application information
    Parameter Description
    User
    • Current login account: Request the permissions on the tables for the account that is used to log on to the current workspace.
    • Dispatch access account: Request the permissions on the tables for the account that has a scheduling access identity. If you select this option, you must configure the Workspace parameter.
    • Apply on Behalf of others: Request the permissions on the tables for an account that is not used to log on to the current workspace. If you select this option, you must configure the Username parameter.
    Workspace The account that has a scheduling access identity.
    Username The username of the account that is not used to log on to the current workspace.
    Reason for application The reason why you want to request the permissions.
  4. Click Apply for permission to submit the request.
    You can view the processing details and record of the current request on the Permission application record tab.

Process requests

  1. View pending requests.
    Go to the Permission approval tab. You can use the following parameters to find the pending requests within the current Alibaba Cloud account: Application account number, Application time, Workspace, Project name, and Object name. Permission approval
    Note If a request contains permission requests for tables that belong to different owners, the system splits the request into multiple requests by table owner.
  2. View the details about a request.
    Find the request and click Approval in the Operation column. Then, you can view the details and processing record of the request in the Approval details dialog box. Approval details
  3. Process requests.
    To process a single request, enter your comments and click Agree or Rejection based on your business requirements.
    To process multiple requests at a time, you can select all the requests that you want to process on the Permission approval tab, click Bulk consent or Batch rejection, and then enter your comments.

View historical permission requests and their processing records

  • Go to the Permission application record tab. Then, you can use the following parameters to find the historical permission requests within the current Alibaba Cloud account: Approval status, Application time, Workspace, Project name, and Table name.

    You can click View details in the Operation column that corresponds to a request to view the details about the request. In addition, you can continue to process the requests whose approval states are In approval.

  • Go to the Permission approval record tab. Then, you can use the following parameters to find the request processing records within the current Alibaba Cloud account: Application account number, Approval Results, Workspace, Project name, Object name, and Application time.

    You can click View details in the Operation column that corresponds to a request to view the details about the request.

Audit permissions

Go to the Permission audit tab. Then, you can use the following parameters to find the permission requests that are processed for the desired workspace, project, or object in Security Center: Workspace, Project name, and Object name.