DataWorks provides the following built-in workspace-level roles: Project Owner, Workspace Manager, Data Analyst, Development, O&M, Deploy, Visitor, Safety Manager, and Model Developer. This topic describes the permissions of these roles.

DataWorks provides built-in workspace-level roles. The following table describes the roles.
| Role | Description |
| --- | --- |
| Project Owner | This role has all permissions on a workspace. In most cases, the owner of a workspace is an Alibaba Cloud account. For example, the Project Owner role can assign a role to a RAM user and remove a member that is not the owner of a workspace from the workspace. |
| Workspace Manager | This role has all permissions of the Development and O&M roles. This role can also perform other operations, such as adding a user to a workspace as a member, removing a member from a workspace, or creating a custom resource group. |
| Data Analyst | This role has permissions only on DataAnalysis. For more information about DataAnalysis, see Overview. |
| Development | This role has permissions to perform design and maintenance operations on the DataStudio page of a workspace. |
| O&M | This role has permissions to manage the execution of and perform the required operations on all nodes in a workspace in Operation Center. |
| Deploy | This role has permissions to review the code of a node and determine whether to commit the node to Operation Center in a workspace in standard mode. |
| Visitor | This role has read-only permissions on workflows and code on the DataStudio page of a workspace. |
| Safety Manager | This role has permissions only on Data Security Guard. For more information about Data Security Guard, see Overview. |
| Model Developer | This role has permissions to view models and modify parameter configurations in the Data Warehouse Planning, Data Standard, Dimensional Modeling, and Data Metric modules. This role has no permission to publish models. |

The tables in the following sections describe the permissions of different built-in workspace-level roles on service modules. In the tables, Yes indicates that a role has the specified permission, and No indicates that a role does not have the specified permission. The built-in workspace-level roles also have specified permissions on the data of a compute engine instance in the development environment, such as MaxCompute. For more information, see Permissions of workspace-level roles.

Data management

| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Delete a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| Configure a category for a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| View a favorite table | Yes | Yes | No | Yes | No | No | No | No | No |
| Create a table | Yes | Yes | No | Yes | No | No | No | No | No |
| Show a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| Modify the schema of a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| View a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| View the content of a self-submitted permission request | Yes | Yes | No | Yes | No | No | No | No | No |
| Hide a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| Configure the time to live (TTL) for a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| Request permissions on a table created by other users | Yes | Yes | No | Yes | No | No | No | No | No |
| Update a table in the production environment | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Delete a table in the production environment | Yes | Yes | No | Yes | No | No | No | No | No |
| Preview data | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | No |

Deployment management

| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Create a deployment task | Yes | Yes | No | Yes | Yes | No | No | No | No |
| View the list of deployment tasks | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Delete a deployment task | Yes | Yes | No | Yes | Yes | No | No | No | No |
| Run a deployment task | Yes | Yes | No | No | Yes | Yes | No | No | No |
| View the content of a deployment task | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |

Button control

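| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Stop | Yes | Yes | No | Yes | No | No | No | No | No |
| Format | Yes | Yes | No | Yes | No | No | No | No | No |
| Edit | Yes | Yes | No | Yes | No | No | No | No | No |
| Run | Yes | Yes | No | Yes | No | No | No | No | No |
| Zoom in | Yes | Yes | No | Yes | No | No | No | No | No |
| Save | Yes | Yes | No | Yes | No | No | No | No | No |
| Show/Hide | Yes | Yes | No | Yes | No | No | No | No | No |
| Delete | Yes | Yes | No | Yes | No | No | No | No | No |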

Code development

| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Save and commit the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| View the code of a node | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Write the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Delete the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| View the code of nodes | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Run the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Modify the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Download a file | Yes | Yes | No | No | No | No | No | No | No |
| Upload a file | Yes | Yes | No | Yes | No | No | No | No | No |

Function development

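| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View details of a function | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Create a function | Yes | Yes | No | Yes | No | No | No | No | No |
| Query a function | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Delete a function | Yes | Yes | No | Yes | No | No | No | No | No |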

Node type selection

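| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| PAI | Yes | Yes | No | Yes | No | No | No | No | No |
| ODPS MR | Yes | Yes | No | Yes | No | No | No | No | No |
| Data Synchronization | Yes | Yes | No | Yes | No | No | No | No | No |
| SQL | Yes | Yes | No | Yes | No | No | No | No | No |
| XLIB | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Shell | Yes | Yes | No | Yes | No | No | No | No | No |
| Zero load | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| script_seahawks | Yes | Yes | No | Yes | No | No | No | No | No |
| dtboost_analytic | Yes | Yes | No | Yes | No | No | No | No | No |
| dtboost_recommend | Yes | Yes | No | Yes | No | No | No | No | No |
| PyODPS | Yes | Yes | No | Yes | No | No | No | No | No |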

Resource management

| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the list of resources | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Delete a resource | Yes | Yes | No | Yes | No | No | No | No | No |
| Create a resource | Yes | Yes | No | Yes | No | No | No | No | No |
| Upload a JAR file | Yes | Yes | No | Yes | No | No | No | No | No |
| Upload a TXT file | Yes | Yes | No | Yes | No | No | No | No | No |
| Upload a file as an archive-type resource | Yes | Yes | No | Yes | No | No | No | No | No |

Workflow development

| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Run or stop a workflow | Yes | Yes | No | Yes | No | No | No | No | No |
| Save a workflow | Yes | Yes | No | Yes | No | No | No | No | No |
| View a workflow | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Commit the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Modify a workflow | Yes | Yes | No | Yes | No | No | No | No | No |
| View the list of workflows | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Change the owner of a workflow | Yes | Yes | No | No | No | No | No | No | No |
| View the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Delete a workflow | Yes | Yes | No | Yes | No | No | No | No | No |
| Create a workflow | Yes | Yes | No | Yes | No | No | No | No | No |
| Create a folder | Yes | Yes | No | Yes | No | No | No | No | No |
| Delete a folder | Yes | Yes | No | Yes | No | No | No | No | No |
| Modify a folder | Yes | Yes | No | Yes | No | No | No | No | No |

Data Integration

| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Edit a node | Yes | Yes | No | Yes | No | No | No | No | No |
| View a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Delete a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Access the menu for managing data synchronization resources | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| View the list of resource groups for data synchronization | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Create a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| View the list of Elastic Compute Service (ECS) instances in a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Add an ECS instance to a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Remove an ECS instance from a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Modify an ECS instance in a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Obtain the AccessKey pair for accessing a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Delete a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Monitor resource consumption | Yes | Yes | No | No | No | No | No | No | No |
| Change the resource group for nodes in Operation Center | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Access the menu for managing synchronization nodes | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Convert a node to a script | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Obtain the list of members in a project | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for writing the code of a node | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for saving or updating the code of a node | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for obtaining the code of a node based on the file ID | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Obtain the list of Data Integration nodes | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for querying a table | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for querying a field | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for querying a data source | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Call the API operation for creating a data source | Yes | Yes | No | No | Yes | No | No | No | No |
| Call the API operation for querying the details of a data source | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for updating a data source | Yes | Yes | No | No | Yes | No | No | No | No |
| Call the API operation for deleting a data source | Yes | Yes | No | No | Yes | No | No | No | No |
| Test connectivity | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Preview data | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Check whether Tablestore Stream is activated | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Activate Tablestore | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Query a statement used to create a MaxCompute table | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Create a MaxCompute table | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Query the creation status of a MaxCompute table | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Migrate a database table | Yes | Yes | No | No | No | No | No | No | No |

Data Modeling

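| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View a model | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Edit a model | Yes | Yes | No | Yes | Yes | No | No | No | Yes |
| Publish a model | Yes | Yes | No | No | Yes | No | No | No | No |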

DataAnalysis

| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| View the DataAnalysis page | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Use DataAnalysis | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes |

Note: By default, a custom role does not have the permissions that are granted to the Data Analyst role. If you want to use DataAnalysis by assuming the custom role, you can ask the user that is assigned the Workspace Manager role to assign the Data Analyst role to you. For more information about how to assign a role to a workspace member, see Manage workspace-level roles and members. For more information about custom roles, see Permissions of workspace-level roles.
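
The permission matrices on this page can be audited mechanically when deciding which built-in role to assign. The following Python code is an added example, not part of the DataWorks documentation: it parses module headings and rows copied from the tables above, ranks the roles that cover a required set of permissions by how many grants they hold in the sample (a rough proxy for least privilege), and lists permission names whose grants differ between modules. The function names and the ranking heuristic are assumptions made for illustration.

```python
ROLES = ["Project Owner", "Workspace Manager", "Data Analyst", "Development",
         "O&M", "Deploy", "Visitor", "Safety Manager", "Model Developer"]

# Constructed sample: module headings and rows copied from this page's tables.
SAMPLE = """\
Data management
Preview data Yes Yes No Yes Yes Yes Yes Yes No
Deployment management
Run a deployment task Yes Yes No No Yes Yes No No No
View the list of deployment tasks Yes Yes No Yes Yes Yes Yes No No
Code development
Save and commit the code of a node Yes Yes No Yes No No No No No
View the code of a node Yes Yes No Yes Yes Yes Yes No No
Workflow development
View the code of a node Yes Yes No Yes No No No No No
Data Integration
Preview data Yes Yes No Yes Yes Yes No No No
Call the API operation for creating a data source Yes Yes No No Yes No No No No
"""

def parse_matrix(text):
    """Map (module, permission) -> set of roles marked Yes."""
    matrix, module = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        tokens = line.split()
        flags = tokens[-len(ROLES):]
        if len(tokens) > len(ROLES) and set(flags) <= {"Yes", "No"}:
            name = " ".join(tokens[:-len(ROLES)])
            matrix[(module, name)] = {r for r, f in zip(ROLES, flags) if f == "Yes"}
        else:
            module = line  # a line without nine Yes/No cells is a module heading
    return matrix

def least_privileged(matrix, required):
    """Roles covering every required (module, permission), fewest total grants first."""
    covering = [r for r in ROLES if all(r in matrix[k] for k in required)]
    grants = {r: sum(r in roles for roles in matrix.values()) for r in covering}
    return sorted(covering, key=lambda r: (grants[r], ROLES.index(r)))

def ambiguous_names(matrix):
    """Permission names whose grants differ between modules."""
    seen = {}
    for (module, name), roles in matrix.items():
        seen.setdefault(name, set()).add(frozenset(roles))
    return sorted(n for n, variants in seen.items() if len(variants) > 1)
```

With the sample rows, only Project Owner and Workspace Manager cover both committing node code and running a deployment task, so those two duties stay separated for every other built-in role. "Preview data" and "View the code of a node" must be keyed by module because their grants differ between tables.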