Authorizing users to your MaxCompute project means granting users some operating rights for objects (such as tables, tasks, and resources) in your project. This section uses ACL Authorization for the authorization of users.
ACL authorization syntax is as follows:
GRANT privileges ON project_object TO project_subject
REVOKE privileges ON project_object FROM project_subject
privileges ::= action_item1, action_item2, ...
project_object ::= PROJECT project_name | TABLE schema_name |
INSTANCE inst_name | FUNCTION func_name |
RESOURCE res_name | JOB job_name
project_subject ::= USER full_username | ROLE role_name
In the following example, the user firstname.lastname@example.org has been added into a project named $user_project_name. However, email@example.com must first be granted with the permissions to create tables, describe tables, and select tables. To grant these permissions, run the following commands on the MaxCompute console:
grant CreateTable on PROJECT $user_project_name to USER firstname.lastname@example.org;
-- Grant 'Create Table' permission on project "$user_project_name" to email@example.com.
grant Describe to Table $user_table_name to USER firstname.lastname@example.org;
-- Grant ‘Describe’ permission on table ‘$user_table_name’ to email@example.com.
grant Execute on Function $user_function_name to USER firstname.lastname@example.org;
-- Grant ‘Execute’ permission on function ‘$user_function_name’ to email@example.com.
To view the permissions of a specified user, run the following command:
show grants for $user_name;
For more information about showing grants, see Show Grants.