Creates a permission request order.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreatePermissionApplyOrder

The operation that you want to perform. Set the value to CreatePermissionApplyOrder.

RegionId String Yes cn-shanghai

The region ID. For example, the ID of the China (Shanghai) region is cn-shanghai, and the ID of the China (Zhangjiakou) region is cn-zhangjiakou. The system automatically determines the value of this parameter based on the endpoint that is used to call the operation.

ApplyUserIds String Yes 267842600408993176,267842600408993177

The ID of the Alibaba Cloud account for which you want to request permissions. If you want to request permissions for multiple Alibaba Cloud accounts, separate the IDs of the accounts with commas (,).

Deadline Long No 1617115071885

The expiration time of the permissions that you request. This value is a UNIX timestamp. If you do not specify a value for this parameter, January 1, 2065 is used as the expiration time.

If LabelSecurity is disabled for the MaxCompute project in which you want to request permissions on the fields of a table, or the security level of the fields is 0 or is lower than or equal to the security level of the Alibaba Cloud account for which you want to request permissions, you can request only permanent permissions.

You can go to the Workspace Management page of the DataWorks console, click MaxCompute Management in the left-side navigation pane, and then check whether column-level access control is enabled.

You can go to your DataWorks workspace, view the security level of the fields in Data Map, and then view the security level of the Alibaba Cloud account on the User Management page.

ApplyReason String Yes I need to use this table

The reason for your request. The administrator determines whether to approve the request based on the reason.

MaxComputeProjectName String Yes aMaxcomputeProjectName

The name of the MaxCompute project in which you request permissions on the fields of a table.

WorkspaceId Integer Yes 12345

The ID of the DataWorks workspace that is associated with the MaxCompute project in which you want to request permissions on the fields of a table. You can go to the Workspace Management page in the DataWorks console to query the workspace ID.

OrderType Integer No 1

The type of the permission request order. The parameter value is 1 and cannot be changed. This value indicates ACL-based authorization.

EngineType String No odps

The type of the compute engine instance in which you want to request permissions on the fields of a table. The parameter value is odps and cannot be changed. This value indicates that you can request permissions only on fields of tables in MaxCompute compute engine instances.

ApplyObject.N.Actions String Yes Select,Describe

The permission that you want to request. If you want to request multiple permissions at the same time, separate them with commas (,). You can request only the SELECT, DESCRIBE, and DOWNLOAD permissions.

ApplyObject.N.ColumnMetaList.N.Name String Yes aColumnName

The field on which you want to request permissions. If you want to request permissions on an entire table, enter all fields in the table.

You can request permissions on specific fields of a table in a MaxCompute project only after LabelSecurity is enabled for this project. If LabelSecurity is disabled, you can request permissions only on an entire table.

ApplyObject.N.Name String Yes aTableName

The name of the object on which you want to request permissions. You can request permissions only on MaxCompute tables. Set this parameter to the name of the table on which you want to request permissions.

Response parameters

Parameter Type Example Description
RequestId String 0bc1ec92159376****

The ID of the request.

FlowId Array of String ee276e6e-5d34-46d8-b848-bca7879ed233

The ID of the request order. If you request permissions on multiple objects but each object has a different request approver, one request order is generated for each object and is sent to the related approver. In this case, an array is returned.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreatePermissionApplyOrder
&ApplyObject.1.Actions=Select,Describe
&ApplyObject.1.ColumnMetaList.1.1ame=aColumnName
&ApplyObject.1.1ame=aTableName
&ApplyReason=I need to use this table
&ApplyUserIds=267842600408993176,267842600408993177
&MaxComputeProjectName=aMaxcomputeProjectName
&RegionId=cn-shanghai
&WorkspaceId=12345
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreatePermissionApplyOrderResponse>
    <FlowId>ee276e6e-5d34-46d8-b848-bca7879ed233</FlowId>
    <RequestId>0bc1ec92159376****</RequestId>
</CreatePermissionApplyOrderResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "FlowId" : "ee276e6e-5d34-46d8-b848-bca7879ed233",
  "RequestId" : "0bc1ec92159376****"
}

Error codes

For a list of error codes, visit the API Error Center.