As described in User Authorization and Show Grants, all users can operate MaxCompute only after added in MaxCompute and granted appropriate privileges.Since there are a number of users existing in a project, the authorization action will be very tedious. In this case, project administrator can classify the users who have the same privileges and each category has the same privileges, which we call “role“. Multiple users can exist in one role simultaneously; a user can belong to multiple roles. After granting privileges to a role, all users of this role will have the same privileges.
CREATE ROLE <roleName>;
For example, create a role “player”:
create role player;
GRANT <roleName> TO <full_username>;
grant player to firstname.lastname@example.org;
REVOKE <roleName> FROM <full_username>;
revoke player from email@example.com;
Remove the user ‘firstname.lastname@example.org’from the role ‘player’.
To drop a role, use the following command:
DROP ROLE <roleName>;
drop role player;
Delete the role ‘player’.