Add workspace members

This topic describes how to add workspace members and assign roles to them. This topic also describes the permissions of each role.

1. Go to the Workspace Management page of the workspace to which you want to add members.
   1. Log on to the DataWorks console.
   2. In the left-side navigation pane, click Workspaces.
   3. On the Workspaces page, find the workspace to which you want to add members and click Workspace Settings in the Actions column.
   4. In the Workspace Settings pane, click More. The Workspace Management page appears.
      You can also click Data Analytics in the Actions column of the workspace on the Workspaces page. On the DataStudio page, click the icon in the upper-right corner to go to the Workspace Management page.
2. In the left-side navigation pane, click User Management.
3. On the User Management page, click Add Member in the upper-right corner.
4. In the Add Member dialog box, click Refresh. All the created RAM users under your Alibaba Cloud account appear in the Account to be added section.
   

   Note If you need to create more RAM users, click RAM Console in the Add Member dialog box to go to the RAM console and create RAM users as required. For more information about how to create a RAM user and allocate the RAM user to a person, see Prepare an Alibaba Cloud account.
5. Select RAM users in the Account to be added section and click the > icon to move them to the Added account section.
6. Select the roles to be assigned to the RAM users and click Confirm.
   

   Notice You must move RAM users from the Account to be added section to the Added account section before you assign roles to them.
7. Go to the User Management page and view or modify the roles of each added member. You can click Remove in the Operation column of a member to delete the member.
   You can assign the following roles to workspace members: Owner, Space Administrator, Development, Operation & Maintenance (O & M), Deployment, Visitors, and Security Administrator. The creator of a workspace is assigned the Space Administrator role by default.

   Role	Description
   Owner	The member with this role has full permissions on the workspace.
   Space Administrator	This role has all permissions of the Development and Operation & Maintenance (O & M) roles. A member with this role can also manage the workspace. For example, the member can add and delete workspace members and create custom resource groups.
   Development	A member with this role can design and maintain nodes on the DataStudio page in the workspace.
   Operation & Maintenance (O & M)	A member with this role can manage the running of all nodes in the workspace in Operation Center.
   Deployment	In a workspace in standard mode, a member with this role can review the code of each node and determine whether to commit the nodes to Operation Center.
   Visitors	A member with this role can only view workflows and code on the DataStudio page in the workspace.
   Security Administrator	A member with this role can perform operations only in Data Security Guard. For more information, see Data Security Guard.

   Note After you add a RAM user as a workspace member, the RAM user can log on to the DataWorks console and access the workspace. The RAM user must update the AccessKey pair in the DTplus console after the logon. For more information, see Use a RAM user.

   The following table compares the permissions of roles in MaxCompute projects and DataWorks workspaces.

   MaxCompute role	MaxCompute permission	DataWorks role	DataWorks permission
   Project Owner	This role has all permissions on a project created in MaxCompute.	N/A	N/A
   Super_Administrator	This role has permissions on all types of resources in a project and management permissions on the project.	N/A	N/A
   Admin	When you create a project, the system automatically creates an Admin role for this project and grants the following permissions to the role: access all objects in the project, manage users or roles, and authorize users or roles. Unlike a project owner, an Admin role is not authorized to perform the following operations: assign the role permissions to users, set security policies for projects, modify the authentication model for projects, and modify the role permissions. The project owner can assign an Admin role to a user and authorize this user for security management.	N/A	N/A
   Role_Project_Admin	This role has all permissions on projects, tables, functions, resources, instances, jobs, and packages of a workspace.	Project administrator	The administrator of a project. This role has permissions to manage the basic properties, data sources, computing engine configurations, and project members in the project. It can also assign administrator, developer, OAM, deployment, and visitor roles to other project members.
   Role_Project_Dev	This role has all permissions on projects, functions, resources, instances, jobs, packages, and tables of a workspace.	Developer	This role has the permissions to create or delete tables, create workflows, script files, resources, user-defined functions (UDFs), and publish packages. However, this role does not have permissions to publish jobs.
   Role_Project_Pe	This role has all permissions on projects, functions, resources, instances, and jobs of a workspace. It also has READ permissions on packages and both READ and DESCRIBE permissions on tables of a workspace.	OAM role	This role has the publish and online OAM permissions that are granted by the project administrator. However, this role does not have the permissions to develop data.
   Role_Project_Deploy	By default, this role does not have any permissions.	Deployment role	This role has the same permissions as the OAM role, except for the online OAM permissions.
   Role_Project_Guest	By default, this role does not have any permissions.	Visitor	This role can view data, but cannot edit workflows or code.
   Role_Project_Security	By default, this role does not have any permissions.	Security administrator	This role is only used to configure sensitivity rules and audit data risks in Data Security Guard.