edit-icon download-icon

Authorization and Permission Check

Last Updated: May 23, 2018

Authorizing users to your MaxCompute project means granting users some operating rights for objects (such as tables, tasks, and resources) in your project. This section uses ACL Authorization for the authorization of users.

ACL Authorization

For ACL authorization, the objects of MaxCompute include: Project, Table, Function, Resource, Instance, Task. Each object has different operating permissions.

ACL authorization syntax is as follows:

  1. GRANT privileges ON project_object TO project_subject
  2. REVOKE privileges ON project_object FROM project_subject
  3. privileges ::= action_item1, action_item2, ...
  4. project_object ::= PROJECT project_name | TABLE schema_name |
  5. INSTANCE inst_name | FUNCTION func_name |
  6. RESOURCE res_name | JOB job_name
  7. project_subject ::= USER full_username | ROLE role_name

In the following example, the user bob@alibabacloud.com has been added into a project named $user_project_name. However, bob@alibabacloud.com must first be granted with the permissions to create tables, describe tables, and select tables. To grant these permissions, run the following commands on the MaxCompute console:

  1. grant CreateTable on PROJECT $user_project_name to USER bob@alibabacloud.com;
  2. -- Grant 'Create Table' permission on project "$user_project_name" to bob@alibabacloud.com.
  3. grant Describe to Table $user_table_name to USER bob@alibabacloud.com;
  4. -- Grant Describe permission on table $user_table_name to bob@alibabacloud.com.
  5. grant Execute on Function $user_function_name to USER bob@alibabacloud.com;
  6. -- Grant Execute permission on function $user_function_name to bob@alibabacloud.com.

Show Grants

To view the permissions of a specified user, run the following command:

  1. show grants for $user_name;

Note:

For more information about showing grants, see Show Grants.

Thank you! We've received your feedback.