Add users and grant permissions using ACL

Last Updated: Oct 28, 2017

Scenario: Jack is the administrator of project prj1. Three new data auditors, Alice, Bob, and Charlie, are added to the project team. They need to apply for the following permissions: view table lists, submit jobs, and read the table userprofile.

In this scenario, the project administrator can perform authorization by using the object-based ACL Authorization.


  1. use prj1;
  2. add user aliyun$; --Add the user
  3. add user aliyun$;
  4. add user aliyun$;
  5. create role tableviewer; --Create a role
  6. grant List, CreateInstance on project prj1 to role tableviewer; --Grant permissions to the role
  7. grant Describe, Select on table userprofile to role tableviewer;
  8. grant tableviewer to aliyun$; --Grant the tableviewer role to the user
  9. grant tableviewer to aliyun$;
  10. grant tableviewer to aliyun$;
Thank you! We've received your feedback.