As the developer role has the permission to delete tables, some users worry that its direct operation on the tables in the production environment may affect data security. This article explains how to ascertain data security of your production environment.
The overall process of solving the data security problem is shown as follows:
- Create two projects, one development project and the other production project. For example: Project_A and Project_B.
Enter the Project Management page of Project_A, and specify that the project is released under Project_B. Then these two projects are associated, and you can release tasks using the release feature.
In MaxCompute Configuration under Project Management, configure to use the personal account to access MaxCompute resources. See the following figure.
Edit codes and configure tasks in Project_A.
Release the edited codes and tasks to Project_B using the Release feature.
If you want to operate the tables under the production project, you can enter the Data Management page to apply for permissions to production project tables. The developer role can query the data of production project tables in Project_A using Project_B table (only the table query permission, and no drop table permission is granted).
You can apply for permissions to the table, and also permissions to resources and functions in the Data Management page.
When Project_A is released to Project_B, some project-level configurations of Project_A are not released, such as data sources, tables, resources, and functions, which are rebuilt in Project_B.