This topic describes the users and roles involved in MaxCompute.
Background information
The following table describes the users and roles supported by MaxCompute.
| Category | Item | Description | Relationship between users and roles |
|---|---|---|---|
| User | Alibaba Cloud account | An account that is created on the Alibaba Cloud official website. | Users and roles are closely associated with permissions:
For more information about how to view the permissions of a user or role, see View permissions. |
| RAM user | A user that you can create by using an Alibaba Cloud account. Resource Access Management (RAM) users are used to assist Alibaba Cloud accounts in data processing. | ||
| Role | Project Owner | The owner of a project. After a user creates a MaxCompute project, the user becomes the owner of the project and has all permissions on the project. No one except the project owner has access to objects in this project unless authorized by the project owner. |
|
| Super_Administrator | A built-in management role of MaxCompute and the super administrator of a project. A user with the Super_Administrator role has operation permissions on all resources in the project and administrator permissions. Project owners or users with the Super_Administrator role can assign the Super_Administrator role to other users. |
||
| Admin | A built-in management role of MaxCompute. A user with the Admin role has operation permissions and some basic administrator permissions. A project owner can assign the Admin role to other users. |
||
| Custom role | A non-built-in role of MaxCompute. This role needs to be customized. You can define roles based on the roles with the names that start with Role_ in DataWorks. |
Note DataWorks also has roles. For more information about the roles in DataWorks and MaxCompute, see
Role and permission relationships. If you want to add or authorize users in the DataWorks console, you can perform operations by following the instructions in
Add a workspace member and configure roles.
Operation differences between Alibaba Cloud accounts and RAM users
The following table describes the operations that Alibaba Cloud accounts and RAM users can perform by using different tools or on different platforms and also describes their required roles.
| Operation type | Operation | Supported tool or platform | Alibaba Cloud account | Role of Alibaba Cloud account | RAM user | Role of RAM user | Requirement |
|---|---|---|---|---|---|---|---|
| Project management | Create and delete a project | DataWorks console | Supported | Project owner | Supported | DataWorks role: Workspace Manager |
|
| Create and delete a project |
|
Not supported | N/A | Not supported | N/A | N/A | |
| Access data cross projects |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles and custom roles that have cross-project access permissions DataWorks roles: Workspace Manager, Development, and O&M |
Use your Alibaba Cloud account to complete authorization. | |
| Update a project |
|
Not supported | N/A | Not supported | N/A | N/A | |
| Configure IP address whitelists |
|
Supported | Project owner | Supported | MaxCompute role: Super_Administrator DataWorks role: not involved |
If you use a RAM user, use your Alibaba Cloud account to assign the Super_Administrator role to the RAM user. | |
| Scan a full table |
|
Supported | Project owner | Not supported | MaxCompute role: Super_Administrator DataWorks role: not involved |
If you use a RAM user, use your Alibaba Cloud account to assign the Super_Administrator role to the RAM user. | |
| Protect project data |
|
Supported | Project owner | Not supported | MaxCompute role: Super_Administrator DataWorks role: not involved |
If you use a RAM user, use your Alibaba Cloud account to assign the Super_Administrator role to the RAM user. | |
| Add, authorize, and manage project members |
|
Supported | Project owner | Supported | MaxCompute role: Super_Administrator DataWorks role: Workspace Manager |
If you use a RAM user, use your Alibaba Cloud account to assign the Super_Administrator role to the RAM user. | |
| Data Integration | Create and modify data sources | DataWorks console | Supported | Project owner | Supported | DataWorks role: Workspace Manager | N/A |
| Create and modify synchronization tasks | DataWorks console | Supported | Project owner | Supported | DataWorks roles: Workspace Manager and Development | N/A | |
| Publish a synchronization task | DataWorks console | Supported | Project owner | Supported | DataWorks roles: Workspace Manager, Development, O&M, and Deploy | N/A | |
| MaxCompute Management | Modify a quota group | DataWorks console | Supported | Project owner | Supported | MaxCompute role: Super_Administrator DataWorks role: not involved |
If you use a RAM user, use your Alibaba Cloud account to attach the AdministratorAccess or AliyunDataWorksFullAccess policy to the RAM user. |
| View, perform O&M on, and monitor jobs | DataWorks console | Supported | Project owner | Supported | MaxCompute role: Super_Administrator DataWorks roles: Workspace Manager, Development, O&M, and Deploy |
If you use a RAM user, use your Alibaba Cloud account to attach the AdministratorAccess or AliyunDataWorksFullAccess policy to the RAM user. | |
| Perform RAM authorization | DataWorks console | Not supported | N/A | Not supported | N/A | N/A | |
| Code development | View the code list and content | DataWorks console | Supported | Project owner | Supported | DataWorks roles: Workspace Manager, Development, O&M, and Deploy | N/A |
| Create, delete, update, and run code | DataWorks console | Supported | Project owner | Supported | DataWorks roles: Workspace Manager and Development | N/A | |
| JAVA UDF |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles and custom roles that have permissions to develop Java user-defined functions (UDFs) DataWorks roles: Workspace Manager, Development, O&M, and Deploy |
N/A | |
| Python UDF |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles and custom roles that have permissions to develop Python UDFs DataWorks roles: Workspace Manager, Development, O&M, and Deploy |
N/A | |
| Operation Center | View and manage scheduling tasks | DataWorks console | Supported | Project owner | Supported | DataWorks roles: Workspace Manager, Development, O&M, and Deploy | N/A |
| Data management | Create a table |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles and custom roles that have permissions to create tables DataWorks roles: Workspace Manager and Development |
N/A |
| Update a table |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles and custom roles that have permissions to update tables DataWorks roles: Workspace Manager and Development |
N/A | |
| Delete a table |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles and custom roles that have permissions to delete tables DataWorks roles: Workspace Manager and Development |
N/A | |
| Grant access to a single table by configuring an access control list (ACL) |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles DataWorks roles: Workspace Manager and Development |
N/A | |
| Preview metadata |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles and custom roles that have permissions to view metadata DataWorks roles: Workspace Manager, Development, O&M, and Deploy |
N/A | |
| Preview a table cross projects |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles and custom roles that have permissions to view tables cross projects DataWorks roles: Workspace Manager, Development, O&M, and Deploy |
Use an Alibaba Cloud account to complete authorization. | |
| Resource management | Query resources |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles and custom roles that have permissions to view resources DataWorks roles: Workspace Manager, Development, O&M, and Deploy |
N/A |
| Create and delete resources |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles and custom roles that have permissions to create and delete resources DataWorks roles: Workspace Manager and Development |
N/A | |
| Upload resources |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles and custom roles that have permissions to upload resources DataWorks roles: Workspace Manager and Development |
N/A | |
| Workflow development | View the workflow list and content | DataWorks console | Supported | Project owner | Supported | DataWorks roles: Workspace Manager, Development, O&M, and Deploy | N/A |
| Create, delete, and update workflows | DataWorks console | Supported | Project owner | Supported | DataWorks roles: Workspace Manager and Development | N/A | |
| Create, delete, and update folders | DataWorks console | Supported | Project owner | Supported | DataWorks roles: Workspace Manager and Development | N/A | |
| Function development | View the function list and details |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles and custom roles that have permissions to view functions DataWorks roles: Workspace Manager, Development, O&M, and Deploy |
N/A |
| Create and delete functions |
|
Supported | Project owner | Supported | MaxCompute roles: MaxCompute built-in roles and custom roles that have permissions to create and delete functions. DataWorks roles: Workspace Manager and Development |
N/A | |
| Sales | Purchase, recharge, renewal, upgrade, and downgrade |
|
Supported | Project owner | Supported | N/A | If you use a RAM user, use your Alibaba Cloud account to attach the AliyunBSSFullAccess policy to the RAM user. |
| View bills, billing details, and usage records | Billing Management of the Alibaba Cloud Management Console | Supported | Project owner | Supported | N/A | If you use a RAM user, use your Alibaba Cloud account to attach the AliyunBSSFullAccess policy to the RAM user. |