View and govern abnormal approvers who process permission requests on tables in Data Map - DataWorks

DataWorks lets you request permissions on tables and fields and provides request processing procedures. Approvers are granted request processing permissions. If exceptions occur on the Alibaba Cloud accounts of approvers, you must perform governance operations on these accounts promptly to ensure that requests can be processed. This topic describes how to view and govern abnormal approvers who process permission requests on tables in Data Map.

Trial limitations

The approver governance feature is in public preview. You are welcome to apply for a trial of the feature and provide your feedback.
DataWorks lets you govern only abnormal approvers who process permission requests on MaxCompute tables.

Go to the Approver Governance page

Log on to the DataWorks console. In the top navigation bar, select the desired region. In the left-side navigation pane, choose Data Governance > Data Map. On the page that appears, click Go to Data Map.
In the navigation pane on the left, click My Data, and the My Data > Owned By Me page appears by default.
In the navigation pane on the left, choose My Tools > Approver Governance. The Approver Governance page appears.

View abnormal approvers

On the Approver Governance page, you can view the list of abnormal approvers.

Note

This page displays the tables whose approvers need to be governed in workspaces where you are assigned the Workspace Administrator role.

Name	Description
Table Name	The name of the table. If you click the name of the table, the table details page appears.
Project	The name of the MaxCompute project to which the table belongs. If the table exists in different environments, a suffix is attached to the name of the MaxCompute project to which the table belongs. For example, the suffix _dev indicates the development environment.
Environment	The environment of the DataWorks workspace to which the table belongs. A DataWorks workspace can provide the development or production environment.
Abnormal Approver	Approver: the approver who processes permission requests on the table and is the owner of the table from the business perspective. You can view the approver of a table in the Data Map > Table Details Page > Table Basic Information section. Note By default, the approver is the user who creates the table. Table Owner: the table owner from the technical perspective. You can run the Desc command to query information about a MaxCompute table or view. The returned result contains information about the table owner.
Exception Cause	The detected possible causes for exceptions that occur on the approver. The causes are sorted by priority in descending order: If both the production and development environments are available, the approver of the table in the production environment is different from the approver of the table in the development environment. The Alibaba Cloud account of the approver of the table in the development or production environment does not exist. The approver of the table in the development or production environment is not a member of the current tenant.
Recommended Owner	The owner to whom the system recommends to transfer the approver role based on the exception causes and recommendation policies.
Recommendation Reason	The recommendation policies for the recommended owner. The policies are sorted by priority in descending order: For the table in the production environment, use a valid owner of the table in the development environment as the approver of the table in the production environment. Use the owner of the node that generates the current table as the approver of the table. Use the owner of the node that generates the table in the production environment as the approver of the related table in the development environment. Select an approver based on the configurations of the default security policy in Security Center. Use the entity receiver as the approver based on the configured workspace-level transfer rule. Use the administrator of the workspace to which the selected table belongs as the approver of the table. This recommendation policy is used in the scenario where Security Center is not deployed or activated, and the scenario where no transfer rule is configured for the desired workspace in Security Center.
Storage	The amount of data stored in the table.
Creation Time	The time when the table was created.
Update Time	The time when the table was last updated.
Actions	Valid values: Transfer and Add to Whitelist. For more information, see Transfer the approver role to others and Manage whitelists.
Batch Operation	Valid values: Transfer and Add to Whitelist. For more information, see Transfer the approver role to others and Manage whitelists.

Transfer the approver role to others

On the Approver Governance page, select one or more tables and click Transfer.
In the Transfer Table dialog box, configure the Transfer Type parameter:
1. Recommended: The recommended owner is used as the approver of the table. You can go to the Approver Governance page to preview the recommended owner.
2. Custom: You can specify a user as the approver of the table. Make sure that the specified user is within the workspace to which the selected table belongs.
Click Confirmation.
To view the transfer status and details, choose My Tools > Transfer Logs.

Manage whitelists

Add tables to a whitelist
If you do not need to perform exception detection and governance operations on the approvers and owners of specific tables, you can select the tables and click Add To Whitelist below the table list on the Approver Governance page to add the tables to the whitelist. You can also click Add to Whitelist in the Actions column to add one table to the whitelist at a time. The tables will not be displayed on the Approver Governance page when you open it again.
View the whitelist
On the Approver Governance page, click Manage Whitelist to view the details of the tables that you add to the whitelist.
Remove tables from the whitelist
On the Approver Governance page, click Manage Whitelist. In the Manage Whitelist dialog box, select the tables that you want to remove from the whitelist and click Remove From Whitelist. You can also click Remove from Whitelist in the Actions column to remove one table from the whitelist at a time. As a result, the tables will be redisplayed on the Approver Governance page.

View transfer logs

On the My Data page, choose My Tools > Transfer Logs.

View information about each transfer on the Transfer Logs page.

Name	Description
Transfer Task ID	The ID of a transfer task, which is the unique identifier of a transfer task. Each transfer, in which one or more tables are involved, generates a transfer task.
Operator	The user who performed the transfer.
Status	The status of a transfer task. Valid values: Successful, Failed, and Transferring.
Start Time	The start time of a transfer task.
End Time	The end time of a transfer task.
Actions	The actions that you can perform on a transfer task, including View Details.

Find the desired transfer task and click View Details in the Actions column. In the Transfer Log Details dialog box, you can view the information about the table on which the transfer is performed.

FAQ

Issue: When you perform a transfer operation, the error message "Execution timeout. Please try again." appears.

Solution: To transfer multiple tables, we recommend that you transfer them in batches. You can also perform the transfer using entity transfer.