Add users and grant permissions using ACL

Last Updated: May 10, 2018

In the following scenario, Jack is the project administrator of a project called prj1. In the scenario, three new data auditors, Alice, Bob, and Charlie, are added to the project team. They need to all apply for the following permissions: view table lists, submit jobs, and read the table userprofile.

In this scenario, the project administrator can perform authorization by using the object-based ACL Authorization.

The following procedure is performed by Jack, the project administrator:

  1. use prj1;
  2. add user aliyun$alice@aliyun.com; --Add the user
  3. add user aliyun$bob@aliyun.com;
  4. add user aliyun$charlie@aliyun.com;
  5. create role tableviewer; --Create a role
  6. grant List, CreateInstance on project prj1 to role tableviewer; --Grant permissions to the role
  7. grant Describe, Select on table userprofile to role tableviewer;
  8. grant tableviewer to aliyun$alice@aliyun.com; --Grant the tableviewer role to the user
  9. grant tableviewer to aliyun$bob@aliyun.com;
  10. grant tableviewer to aliyun$charlie@aliyun.com;
Thank you! We've received your feedback.