All Products
Search
Document Center

DataWorks:AliyunServiceRoleForDataWorksScheduler service-linked role

Last Updated:Jun 02, 2026

DataWorks requires the AliyunServiceRoleForDataWorksScheduler service-linked role to manage trigger-based workflows. This role grants DataWorks the permissions needed to access EventBridge and OSS on your behalf.

Scenarios

Trigger-based workflows in DataWorks monitor Object Storage Service (OSS) events through EventBridge to trigger other workflows. To enable this, DataWorks requires the AliyunServiceRoleForDataWorksScheduler service-linked role to access EventBridge and OSS on your behalf.

DataWorks uses this role (AliyunServiceRoleForDataWorksScheduler) whenever you perform the following operations:

  • Create, update, delete, or roll back trigger configurations.

  • Attach triggers to workflows.

Role details

  • Service-linked role name: AliyunServiceRoleForDataWorksScheduler.

  • Associated system policy: AliyunServiceRolePolicyForDataWorksScheduler.

  • Permission description: The DataWorks scheduling service uses this role to access the following services on your behalf:

    • EventBridge: Create and manage event buses, event sources, event rules, and event streamings to support trigger-based workflow execution.

    • Object Storage Service (OSS): List buckets and objects to monitor OSS events that trigger workflows.

    To view the full permission details, follow these steps:

    1. Go to the Resource Access Management (RAM) console and choose Identities > Roles.

    2. Click the service-linked role name. On the Permissions tab, view the associated system policy:

      {
        "Effect": "Allow",
        "Action": [
          "eventbridge:GetRule",
          "eventbridge:ListRules",
          "eventbridge:CreateRule",
          "eventbridge:DeleteRule",
          "eventbridge:DisableRule",
          "eventbridge:EnableRule",
          "eventbridge:UpdateRule",
          "eventbridge:GetEventBus",
          "eventbridge:ListEventStreamings",
          "eventbridge:DeleteEventStreaming",
          "eventbridge:PauseEventStreaming",
          "eventbridge:StartEventStreaming",
          "eventbridge:GetEventStreaming",
          "eventbridge:UpdateEventStreaming",
          "eventbridge:CreateEventStreaming",
          "eventbridge:CreateEventBus",
          "eventbridge:CreateEventSource",
          "eventbridge:DeleteEventSource",
          "oss:ListObjects",
          "oss:ListBuckets"
        ],
        "Resource": "*"
      }

Delete the service-linked role

You can delete this role only if you no longer use trigger-based workflows. If this role is deleted, the DataWorks scheduling service can no longer manage triggers. Before deleting the role, complete the following steps in order:

  • Unbind triggers from all published trigger-based workflows and republish the workflows.

  • Delete all triggers in trigger management. For more information, see Manage triggers.

After completing these steps, delete the service-linked role in the RAM console.