Use case

Last Updated: Jul 28, 2017

Assume that you are an Alibaba Cloud user without subaccount. You need to replace AccessKey with your own AccessKey in the following content.

CLI, a tool for Table Store and can directly be used to read and write data through command lines, is used in the test.

Prerequisites

  1. Download Table Store CLI Took Kit.

  2. Install and configure Table Store CLI tool in the following method.

  1. Install dependency python onekey_INSTALL.py
  2. Configure parameterpython ots_console --url http://<InstanceName>.cn-hangzhou.ots.aliyuncs.com --id <AccessID> --key <AccessKey>
  3. Execute command for examplect pk1:string,pk2:integer readrt:1 writert:1

For details, refer to the help documentation in the CLI toolkit.

Create a subaccount

Assume that you are a mobile developer and currently use a Table Store instance named ram-test-dev for development, test, and other functions.

Ensure that you have stopped using the primary account to access this instance, in order to avoid problems caused by AccessKey and password leaks.

Operation procedure

  1. Activate the Resource Access Management service.

  2. Use the primary account to log on to the RAM console.

  3. Click Users.

  4. Click New User to create a subaccount with the same Table Store access permissions as the primary account.

    user management

  5. Generate AccessKey for the new user ram_test.

    generateAK

  6. Save the Access Key information for later use.

    save

  7. Click Authorization to grant the subaccount full access permissions for Table Store.

    authorization

    authorization

  8. (Optional) Click Manage to grant the account console logon or other permissions.

Example

Now you can test the operations of creating and deleting a table. In this example, the AccessKey is for ram_test. Please replace it with your own AccessKey during the testing process.

  1. $python ots_console --url http://TableStoreTest.cn-hangzhou.ots.aliyuncs.com --id VPIzjuDB6T4FGoWM --key r1usnIQ4Tw1yI6bNJkKay6A8EJoMvs
  2. $OTS-TableStoreTest>: ct test pk1:string,pk2:integer readrt:1 writert:1
  3. Table test has been created successfully.
  4. $OTS-TableStoreTest>: dt test
  5. You will delete the table:test!
  6. press Y (confirm) :Y
  7. Table test has been deleted successfully.

The ram_test subaccount can be used for all general operations, so as to avoid leaking the AccessKey of the primary account.

Read/write permission separation

To share data of an instance in Table Store without data modification, you can separate read/write permission by creating a subaccount with read-only permission.

Create an account named ram_test_pub. Select ReadOnly on the Edit Individual Authorization Policy page to grant the subaccount ReadOnly access permission for Table Store, as shown below.

readonly

Example

Use the AccessKey of the subaccount to test the permissions of creating and deleting a table. In the example, the AccessKey is for ram_test_pub. Please replace it with your own AccessKey during the testing process.

  1. $python ots_console --url http://TableStoreTest.cn-hangzhou.ots.aliyuncs.com --id ftWyMEYu1rBYTbWM --key u4qR5IGu5xJsvSO1y8moyC6n5vA7af
  2. $OTS-TableStoreTest>: ct test pk1:string,pk2:integer readrt:1 writert:1
  3. Fail to create table test.
  4. $OTS-TableStoreTest>: dt test
  5. You will delete the table:test!
  6. press Y (confirm) :Y
  7. Fail to delete table test.

The ram_test_pub subaccount cannot be used to create and delete a table.

Thank you! We've received your feedback.