This topic describes how to enable project data protection. If project data protection is enabled, data can flow only within a project and is not allowed to flow out of the project.
Scenario
Jack is the administrator of the prj1 project. The project has a large amount of sensitive user data, such as user ID card numbers, shopping records, and proprietary algorithms used for data mining. Jack wants users in the project to access data only in the project. In this scenario, data can flow only within the project and is not allowed to flow out of the project. This improves data security.
Procedure
The project administrator Jack runs the following commands to enable project data
protection for the prj1 project:
use prj1;
set ProjectProtection=true; However, user Alice is allowed to export some data tables out of the project due to
business requirements after Alice obtains the approval of Jack. In such cases, MaxCompute
allows you to configure trusted projects so that data in a project can flow to its
trusted projects. In this example, you can run the following commands to configure
the prj2 project as a trusted project of the prj1 project. This way, all data in the
prj1 project is allowed to flow to the prj2 project.
use prj1;
add trustedproject prj2;