This topic describes how to add a project role and grant permissions to the role by using ACL.

Scenario

Jack is the administrator of the prj1 project. Three members Alice, Bob, and Charlie are added as data reviewers. They require the permissions to view table lists, submit jobs, and read the userprofile table. In this case, the project administrator can use object-based ACL authorization to grant permissions.

Procedure

The project administrator runs the following commands:
use prj1;
add user aliyun$alice@aliyun.com; -- Add a user.
add user aliyun$bob@aliyun.com;
add user aliyun$charlie@aliyun.com;
create role tableviewer; -- Create a role.
grant List, CreateInstance on project prj1 to role tableviewer; -- Grant permissions to the role.
grant Describe, Select on table userprofile to role tableviewer;
grant tableviewer to aliyun$alice@aliyun.com; -- Grant the tableviewer role to the user.
grant tableviewer to aliyun$bob@aliyun.com;
grant tableviewer to aliyun$charlie@aliyun.com;