This topic describes how to add a project role and grant permissions to users by using the role.

Scenario

Jack is the administrator of the prj1 project. Three members, Alice, Bob, and Charlie, are added as data reviewers. The data reviewers require the permissions to view table lists, submit jobs, and read data from the table userprofile.

In this case, the project administrator can use object-based ACL authorization to grant permissions.

Procedure

The project administrator Jack runs the following commands.
  1. Enter the prj1 project.
    use prj1;
  2. Add new users Alice, Bob, and Charlie to the prj1 project.
    add user aliyun$alice@aliyun.com;
    add user aliyun$bob@aliyun.com;
    add user aliyun$charlie@aliyun.com;
  3. Create a data reviewer role named tableviewer.
    create role tableviewer;
  4. Grant permissions to the tableviewer role.
    grant List, CreateInstance on project prj1 to role tableviewer;
    grant Describe, Select on table userprofile to role tableviewer;
  5. Assign the tableviewer role to the new users.
    grant tableviewer to aliyun$alice@aliyun.com;
    grant tableviewer to aliyun$bob@aliyun.com;
    grant tableviewer to aliyun$charlie@aliyun.com;
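
After the grants are in place, the administrator can check that the role carries exactly the intended permissions and that no reviewer holds anything beyond it. The following commands are an added example, not part of the original procedure; they assume Jack runs them in the MaxCompute client and reuse the project, role, table, and account names from the steps above.

```sql
-- Added example: run by the project administrator (Jack) in the MaxCompute client.
use prj1;

-- 1. Confirm the three accounts are project members and the role exists.
list users;
list roles;

-- 2. Inspect the role itself. Expected from the grants above:
--    List and CreateInstance on project prj1,
--    Describe and Select on table userprofile, and nothing else.
describe role tableviewer;

-- 3. Confirm who holds the role. Expected: only alice, bob, and charlie.
show principals tableviewer;

-- 4. Check each reviewer's effective grants. Anything listed besides the
--    tableviewer role (a direct grant or a second role) means the user has
--    more access than this procedure intended.
show grants for aliyun$alice@aliyun.com;
show grants for aliyun$bob@aliyun.com;
show grants for aliyun$charlie@aliyun.com;

-- 5. Review the same grant from the object side: every principal that
--    appears here has access to userprofile.
show acl for userprofile on type table;

-- 6. Offboarding a reviewer later: revoke the role first, then remove the
--    account from the project. Because permissions were granted to the role
--    and not to the user, there are no per-user grants to clean up.
revoke tableviewer from aliyun$charlie@aliyun.com;
remove user aliyun$charlie@aliyun.com;
```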