
Dataphin: DataService Studio permission list

Last Updated: Sep 30, 2025

After an Alibaba Cloud account activates DataService Studio, you can add RAM users as DataService Studio members and assign roles to grant them corresponding operation permissions. This topic describes the roles that can be assigned to users in DataService Studio, the permission scope of each role, and the specific permissions of each role.

Role description

The following table describes the roles that can be assigned to users in DataService Studio and the permission scope of each role.

| User | Description of the role assigned to a user in DataService Studio | Description of the permissions of the role |
| --- | --- | --- |
| Super administrator | In the exclusive (semi-managed) mode or on-premises deployment mode, you can specify a super administrator in the metadata warehouse tenant. | Has all execution permissions of DataService Studio.<br>Because the permission scope is wide, we recommend that after the user completes the initial settings and creates service projects, employees with roles such as developer, O&M user, or business application user use the Alibaba Cloud account. |
| Other user | You can synchronize other users to Dataphin, add them as DataService Studio members, and assign different roles to implement fine-grained permission management for DataService Studio. The roles include the following:<br>• System administrator<br>• Service project administrator<br>• Developer<br>• O&M user<br>• Tenant member, regular application member, and application owner (These roles do not exist in Dataphin and are for reference only in this topic.) | • System administrator: In addition to the permissions of a service project administrator, a system administrator can also manage system settings and network configurations.<br>• Tenant member: All members in the current tenant.<br>• Service project administrator: Manages service projects, including the resources and members within the projects.<br>• Developer: A user with the developer role in a service project can develop APIs and call APIs.<br>• O&M user: A user with the O&M user role in a service project is responsible for service monitoring, including monitoring API operations, abnormal APIs, and affected applications.<br>• Regular application member: Includes service project administrators, developers, O&M users, application members, and service unit development members.<br>• Application owner: Includes application owners, API owners, and service unit owners. |

DataService Studio marketplace

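| Permission | System administrator | Tenant member | Service project administrator | Developer | O&M user | Regular application member | Application owner |
| --- | --- | --- | --- | --- | --- | --- | --- |
| View API list | - | Y | - | - | - | - | - |
| View API documents | - | Y | - | - | - | - | - |
| Download API documents | - | Y | - | - | - | - | - |
| Request API | - | Y | - | - | - | - | - |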

DataService Studio application management

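| Category | Permission | System administrator | Tenant member | Service project administrator | Developer | O&M user | Regular application member | Application owner |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Authorized API services | View authorized API service list | - | Y | - | - | - | Y | - |
| Authorized API services | Debug API | - | Y | - | - | - | Y | - |
| Authorized API services | Return API permission | - | Y | - | - | - | - | Y |
| My Applications | View application list | - | Y | - | - | - | Y | - |
| My Applications | Create application | - | Y | - | - | - | - | - |
| My Applications | Edit & delete application | - | - | - | - | - | - | Y |
| My Applications | Request application | - | - | - | - | - | - | - |
| My Applications | Application member management (add/delete members, modify member roles/validity) | - | - | - | - | - | - | Y |
| My Applications | Display & copy application AppSecret | - | - | - | - | - | Y | - |
| My Applications | Reset application AppSecret | - | - | - | - | - | - | Y |
| My Applications | Configure IP whitelist | - | - | - | - | - | - | Y |
| Call instructions | View API call example | - | Y | - | - | - | - | - |
| Call instructions | Edit API call example | - | - | - | - | - | - | - |
| Call instructions | Download SDK | - | Y | - | - | - | - | - |
| Call instructions | Download JDBC JAR package | - | Y | - | - | - | - | - |
| Application call analysis | View call analysis for joined applications | - | - | - | - | - | Y | - |
| Call logs | View call logs for joined applications | - | - | - | - | - | Y | - |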

DataService Studio development

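| Category | Feature permission | System administrator | Tenant member | Service project administrator | Developer | O&M user | Regular application member | Application owner |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| API | View API list | - | - | Y | Y | - | - | - |
| API | Create API | - | - | Y | Y | - | - | - |
| API | Edit & delete API | - | - | Y | Y | - | - | - |
| API | Test & publish API | - | - | Y | Y | - | - | - |
| API | View API details | - | - | Y | Y | - | - | - |
| API | Transfer API owner | - | - | Y | Y | - | - | - |
| Service unit | View service unit list | - | - | Y | Y | - | - | - |
| Service unit | Create service unit | - | - | Y | Y | - | - | - |
| Service unit | Edit service unit | - | - | Y | Y | - | - | - |
| Service unit | View service unit details | - | - | Y | Y | - | - | - |
| Service unit | Submit service unit | - | - | Y | Y | - | - | - |
| Service unit | Publish service unit | - | - | Y | Y | - | - | - |
| Service unit | Delete service unit | - | - | Y | Y | - | - | - |
| Service unit | Transfer service unit owner | - | - | Y | Y | - | - | - |
| Metadata | View authorized metadata list | - | - | Y | Y | - | - | - |
| Metadata | Create metadata | - | - | Y | Y | - | - | - |
| Metadata | Edit & delete metadata | - | - | Y | Y | - | - | - |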

Service operations management

| Feature permission | System administrator | Tenant member | Service project administrator | Developer | O&M user | Regular application member | Application owner |
| --- | --- | --- | --- | --- | --- | --- | --- |
| O&M dashboard (API call statistics (excluding abnormal affected APP count), abnormal impact analysis - TOP10 abnormally affected APIs, trend analysis (excluding affected APP count), API operation status) | - | - | Y | - | Y | - | - |
| Abnormal impact analysis - TOP10 abnormally affected APPs | - | - | Y | - | Y | - | - |
| Access trend analysis | - | - | Y | - | Y | - | - |
| API throttling configuration | - | - | Y | - | Y | - | - |
| API alert configuration | - | - | Y | - | Y | - | - |
| API call log query | - | - | Y | - | Y | - | - |

DataService Studio management

Only super administrators can create service projects and configure networks. Network configuration operations include enabling and disabling public second-level domain names, enabling and disabling internal VPC domain names, attaching independent domain names, and viewing API gateway domain names.

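| Category | Feature permission | System administrator | Tenant member | Service project administrator | Developer | O&M user | Regular application member | Application owner |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Project management | View project list | Y | - | Y | Y | Y | - | - |
| Project management | Create project | Y | - | - | - | - | - | - |
| Project management | Edit & delete project | Y | - | Y | - | - | - | - |
| Project management | Member management (add, edit, or remove members individually or in batches) | Y | - | Y | - | - | - | - |
| Project management | View project member management | Y | - | Y | - | - | - | - |
| Project management - Group management | View group management | Y | - | Y | Y | Y | - | - |
| Project management - Group management | Create service unit group | Y | - | Y | Y | - | - | - |
| Project management - Group management | Edit & delete service unit group | Y | - | Y | Y | - | - | - |
| Project management - Group management | Create API group | Y | - | Y | Y | - | - | - |
| Project management - Group management | Edit & delete API group | Y | - | Y | Y | - | - | - |
| Application management | Create application group | Y | - | - | - | - | - | - |
| Application management | Edit & delete application group | Y | - | - | - | - | - | - |
| System configuration | API call authentication configuration | Y | - | - | - | - | - | - |
| System configuration | Token-based authentication | Y | - | - | - | - | - | - |
| System configuration | API cached data storage location | Y | - | - | - | - | - | - |
| System configuration | SQL injection validation | Y | - | - | - | - | - | - |
| System configuration | Log and O&M statistics settings | Y | - | - | - | - | - | - |
| Network configuration | Enable and disable public second-level domain name | Y | - | - | - | - | - | - |
| Network configuration | Enable and disable internal VPC domain name | Y | - | - | - | - | - | - |
| Network configuration | View API gateway and domain name | Y | - | Y | Y | Y | - | - |
| Network configuration | Set API gateway (Alibaba Cloud Gateway & built-in gateway) | - | - | - | - | - | - | - |
| Network configuration | View API gateway domain name | Y | - | Y | Y | Y | - | - |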