All Products
Search
Document Center

DataWorks:CreatePermissionApplyOrder

Last Updated:Jun 27, 2026

Creates a permission request order. Note: The 2020 edition of OpenAPI will be deprecated soon. Migrate to the 2024 edition of OpenAPI as soon as possible — ApplyResourceAccessPermission.

Operation description

Note: The 2020 edition of OpenAPI will be deprecated soon. Migrate to the 2024 edition of OpenAPI as soon as possible — ApplyResourceAccessPermission.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

dataworks:*

create

*All Resource

*

None None

Request parameters

Parameter

Type

Required

Description

Example

ApplyUserIds

string

Yes

The UIDs of the Alibaba Cloud accounts for which permissions are requested. Separate multiple account UIDs with commas (,).

26784260040899****,26784260040899****

Deadline

integer

No

The expiration time of the requested permissions. Specify a UNIX timestamp. If you do not specify this parameter, the default expiration time is January 1, 2065. If LabelSecurity is not enabled for the MaxCompute project, or the security level of the requested table field is 0 or less than or equal to the security level of the requesting account, you can request only permanent permissions. Go to the management page of the DataWorks workspace and check the advanced configuration page of the MaxCompute engine to verify whether column-level access control is enabled. Go to the DataWorks workspace to view the security level of fields in Data Map and the security level of accounts on the Member Management page.

1617115071885

ApplyReason

string

Yes

The reason for the request. This is used by the administrator for evaluation and approval.

I need to use this table

MaxComputeProjectName

string

No

The name of the MaxCompute project for which permissions are requested.

aMaxcomputeProjectName

WorkspaceId

integer

No

The ID of the DataWorks workspace to which the MaxCompute project belongs. Go to the DataWorks workspace configuration page to obtain the workspace ID.

12345

OrderType deprecated

integer

No

This field is deprecated. Set it to empty.

1

EngineType deprecated

string

No

This field is deprecated. Set it to empty.

odps

ApplyObject

array<object>

Yes

The list of objects for which permissions are requested.

array<object>

No

The response object.

Actions

string

No

The permission types to request. Separate multiple permission types with commas (,). Only Select, Describe, Drop, Alter, Update, and Download types are supported.

Select,Describe

ColumnMetaList

array<object>

No

The list of column objects.

object

No

The response object.

Name

string

No

The name of the column for which permissions are requested. To request permissions on the entire table, enter all column names of the table. You can request permissions on specific columns only if LabelSecurity is enabled for the MaxCompute project. If LabelSecurity is not enabled, you can request permissions only on the entire table.

aColumnName

Actions

string

No

The permission types to request. Separate multiple permission types with commas (,). Only Select, Describe, and Download types are supported.

Select

Name

string

No

The object for which permissions are requested. Only MaxCompute table permissions are supported. Enter the name of the target table.

aTableName

ApplyType

string

No

The type of the request order. Valid values:

  • MaxComputeTable: MaxCompute table permission request order.

  • MaxComputeFunction: MaxCompute function permission request order.

  • MaxComputeResource: MaxCompute resource permission request order.

  • DLFSchema: Data Lake Formation (DLF) 1.0 schema permission request order.

  • DLFTable: DLF 1.0 table permission request order.

  • DLFColumn: DLF 1.0 column permission request order.

  • DsApiDeploy: Data service publication permission request order.

MaxComputeTable

CatalogName

string

No

The name of the data catalog to query. Go to the Data Lake Formation console to view the data catalog name.

hive

Response elements

Element

Type

Description

Example

object

The response object.

RequestId

string

The request ID.

0bc1ec92159376****

FlowId

array

The list of flow IDs.

string

The ID of the generated request order. If you request permissions on multiple objects that have different approvers, multiple request orders are generated based on different approvers, and an array is returned.

ee276e6e-5d34-46d8-b848-bca7879ed233

Examples

Success response

JSON format

{
  "RequestId": "0bc1ec92159376****",
  "FlowId": [
    "ee276e6e-5d34-46d8-b848-bca7879ed233"
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.