Submits an application for access permissions on a specific resource.
Operation description
Request Description
Reason: The reason for the application. This parameter is required.
ApplyContents: Contains multiple resource permission application contents, each including the resource description (Resource), grantee description (Grantee), permission types (AccessTypes), and permission expiration time (ExpirationTime). The maximum limit per request is 400 entries.
Resource: The resource description. You need to specify the ResourceSchema.name and version that the resource parsing depends on, as well as the resource metadata MetaData.
Grantee: The grantee description. You need to specify the grantee type (PrincipalType) and the principal ID (PrincipalId).
AccessTypes: The list of permission types. Multiple permission combinations are supported.
ExpirationTime: The permission expiration time, provided as a milliseconds timestamp.
AuthMethod: An optional parameter that specifies the authorization method. The system uses the built-in default authorization method if not specified.
ClientToken: The client token used to prevent duplicate requests. This parameter is optional.
Ensure all required fields are filled in correctly and comply with the corresponding constraints. For example, DefVersion and MetaData in Resource should match the selected DefSchema.
Try it now
Test
RAM authorization
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| Reason |
string |
Yes |
The reason for the application. |
业务发展需要 |
| ApplyContents |
array<object> |
Yes |
The list of resource permission application contents. |
|
|
array<object> |
No |
|||
| Resource |
object |
No |
The resource description. |
|
| DefSchema |
string |
Yes |
The resource type. Note: The resource types supported for application are constrained by ResourceSchema.name. Appendix: ResourceSchema documentation for international site Valid values:
|
MaxCompute |
| DefVersion |
string |
No |
The resource parsing version, which is constrained by ResourceSchema.version. |
v1.0.0 |
| MetaData |
object |
No |
The resource metadata declaration. Note: The metadata is constrained by ResourceSchema.resources. A valid resource declaration must include full-path metadata declarations from level 0 to validLeaf. Appendix: ResourceSchema documentation for international site |
|
|
any |
No |
Declares a specific resource in Map<String,Object> format. The declaration must comply with the resource constraints for the specific resource type in ResourceSchema. Note:
|
{ "workspace": "449656", "project": "sync_destination", "table": "order_table", "threeTierModel": false } |
|
| Grantee |
object |
Yes |
The grantee description. Note: The supported grantee types are constrained by ResourceSchema.authPrincipal. Appendix: ResourceSchema documentation for international site |
|
| PrincipalType |
string |
Yes |
The grantee type. Valid values:
Valid values:
|
RamRole |
| PrincipalId |
string |
Yes |
The grantee ID. The ID has different semantics depending on the grantee type:
|
ROLE_32237475848545 |
| AccessTypes |
array |
Yes |
The list of permissions to apply for. Note: Different resource levels support different permission types. They are uniformly constrained by ResourceSchema.isValidLeaf, accessTypeRestrictions, and authMethodAccessTypes. Appendix: ResourceSchema documentation for international site |
|
|
string |
No |
The resource permission. |
select |
|
| ExpirationTime |
integer |
No |
The permission expiration time, in milliseconds timestamp. |
1785835708000 |
| AuthMethod |
string |
No |
The authorization method. Currently, only SEVERLESS_STARROCKS supports specifying the authorization method: ranger or starrocksManager. Note: Different resources support different authorization methods, which are uniformly constrained by ResourceSchema.authMethods. Appendix: ResourceSchema documentation for international site Valid values:
|
ranger |
| ClientToken |
string |
No |
The idempotency parameter. Used to prevent duplicate operations caused by multiple calls. |
ABFUOEUOTRTRJKE |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
The response result. |
||
| RequestId |
string |
The request ID. Used for locating logs and troubleshooting issues. |
0bc5df3a17***903790e8e8a |
| Data |
array |
The list of application IDs. |
|
|
string |
The application/approval process ID. |
332066440109224007 |
Examples
Success response
JSON format
{
"RequestId": "0bc5df3a17***903790e8e8a",
"Data": [
"332066440109224007"
]
}
Error codes
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.