As described in User Authorization and Show Grants, users can operate MaxCompute only after being added to a MaxCompute project, and granted the relevant access permissions.
To grant identical access permissions of objects to multiple users, a project administrator can group permissions into a role. Multiple users can exist in one role simultaneously, and a user can belong to multiple roles.
CREATE ROLE <roleName>;
In the following example, a role named “player” is created:
create role player;
GRANT <roleName> TO <full_username>;
In the following example, the user ‘firstname.lastname@example.org’ is used:
grant player to email@example.com;
REVOKE <roleName> FROM <full_username>;
revoke player from firstname.lastname@example.org;
In the preceding example, the user ‘email@example.com’ is revoked from the role ‘player’.
To drop a role is to delete the role from your MaxCompute project.
DROP ROLE <roleName>;
drop role player;
In the preceding example, the role ‘player’is deleted.