Add users and grant permissions using ACL

Last Updated: Oct 28, 2017

Scenario: Jack is the administrator of project prj1. Three new data auditors, Alice, Bob, and Charlie, are added to the project team. They need to apply for the following permissions: view table lists, submit jobs, and read the table userprofile.

In this scenario, the project administrator can perform authorization by using the object-based ACL Authorization.

Procedure:

  1. use prj1;
  2. add user aliyun$alice@aliyun.com; --Add the user
  3. add user aliyun$bob@aliyun.com;
  4. add user aliyun$charlie@aliyun.com;
  5. create role tableviewer; --Create a role
  6. grant List, CreateInstance on project prj1 to role tableviewer; --Grant permissions to the role
  7. grant Describe, Select on table userprofile to role tableviewer;
  8. grant tableviewer to aliyun$alice@aliyun.com; --Grant the tableviewer role to the user
  9. grant tableviewer to aliyun$bob@aliyun.com;
  10. grant tableviewer to aliyun$charlie@aliyun.com;
Thank you! We've received your feedback.