Create and Authorize Roles

Last Updated: May 04, 2018

As described in User Authorization and Show Grants, users can operate MaxCompute only after being added to a MaxCompute project and granted the relevant access permissions.

To grant the same object access permissions to multiple users, a project administrator can group the permissions into a role. A role can contain multiple users, and a user can belong to multiple roles.

Create roles

  CREATE ROLE <roleName>;

In the following example, a role named “player” is created:

  create role player;

Grant a role to a user

  GRANT <roleName> TO <full_username>;

In the following example, the role ‘player’ is granted to the user ‘bob@alibabacloud.com’:

  grant player to bob@alibabacloud.com;

The user ‘bob@alibabacloud.com’ is now granted the role ‘player’. The role authorization statement is similar to the user authorization statement. See User Authorization and Show Grants and User or Role Authorization.

Revoke roles from users

  REVOKE <roleName> FROM <full_username>;

For example:

  revoke player from bob@alibabacloud.com;

In the preceding example, the role ‘player’ is revoked from the user ‘bob@alibabacloud.com’.

Drop role

Dropping a role deletes the role from your MaxCompute project.

  DROP ROLE <roleName>;

For example:

  drop role player;

In the preceding example, the role ‘player’ is deleted.
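
The statements on this page combined into one role lifecycle, as an added example that is not part of the original page. The table `sale_detail` and the user `alice@alibabacloud.com` are constructed placeholders, both users are assumed to have been added to the project already, and the `grant ... on table ... to role`, `describe role` and `show grants for` statements come from MaxCompute's object authorization syntax (see User or Role Authorization), not from this page.

```sql
-- Added example: sale_detail and alice@alibabacloud.com are constructed placeholders.

-- 1. Create the role that will carry the shared permissions.
create role player;

-- 2. Attach object privileges to the role rather than to individual users,
--    and grant only what the members need (read-only access here).
grant Describe, Select on table sale_detail to role player;

-- 3. Add each user to the role. Both now hold the same permissions.
grant player to bob@alibabacloud.com;
grant player to alice@alibabacloud.com;

-- 4. Verify the result: what the role holds, and what a member ends up with.
describe role player;
show grants for bob@alibabacloud.com;

-- 5. Offboard one user. Only the role membership is removed, so alice
--    keeps her access and the role's privileges are unchanged.
revoke player from bob@alibabacloud.com;
show grants for bob@alibabacloud.com;

-- 6. Retire the role: remove the remaining member and the role's
--    privileges, then delete the role from the project.
revoke player from alice@alibabacloud.com;
revoke Describe, Select on table sale_detail from role player;
drop role player;
```

Running `show grants` again after step 5 confirms that access granted through the role is gone for that user; any permissions granted to the user directly are separate and must be revoked separately.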


