:AliyunServiceRoleForDataWorksScheduler service-linked role

Scenarios

Trigger-based workflows in DataWorks monitor Object Storage Service (OSS) events through EventBridge to trigger other workflows. You must authorize the AliyunServiceRoleForDataWorksScheduler service-linked role to grant DataWorks the necessary permissions to access EventBridge and OSS.

DataWorks uses this service-linked role (AliyunServiceRoleForDataWorksScheduler) to manage your resources in EventBridge and access resources in other cloud services, such as OSS, when you perform the following operations:

• Create, update, delete, or roll back trigger configurations.

• Attach triggers to workflows.

Introduction to AliyunServiceRoleForDataWorksScheduler

• Service-linked role name: AliyunServiceRoleForDataWorksScheduler.

• Associated system policy: AliyunServiceRolePolicyForDataWorksScheduler.

• Permission description: The DataWorks scheduling service uses this role to manage your resources in EventBridge and access resources in cloud services, such as Object Storage Service (OSS).

  1. Go to the Resource Access Management (RAM) console and choose Identities > Roles to view information about the service-linked role.

  2. Click the service-linked role name. On the Permissions tab, you can view the information about the associated system policy.

     {
       "Effect": "Allow",
       "Action": [
         "eventbridge:GetRule",
         "eventbridge:ListRules",
         "eventbridge:CreateRule",
         "eventbridge:DeleteRule",
         "eventbridge:DisableRule",
         "eventbridge:EnableRule",
         "eventbridge:UpdateRule",
         "eventbridge:GetEventBus",
         "eventbridge:ListEventStreamings",
         "eventbridge:DeleteEventStreaming",
         "eventbridge:PauseEventStreaming",
         "eventbridge:StartEventStreaming",
         "eventbridge:GetEventStreaming",
         "eventbridge:UpdateEventStreaming",
         "eventbridge:CreateEventStreaming",
         "eventbridge:CreateEventBus",
         "eventbridge:CreateEventSource",
         "eventbridge:DeleteEventSource",
         "oss:ListObjects",
         "oss:ListBuckets"
       ],
       "Resource": "*"
     }

Delete the service-linked role

You can delete the service-linked role in the RAM console. If this role is deleted, the DataWorks scheduling service can no longer manage triggers. Before you delete the role, make sure that the following requirements are met:

• Unbind triggers from all published trigger-based workflows and republish the workflows.

• Delete all triggers in trigger management. For more information, see Manage triggers.

After you complete these steps, you can delete the service-linked role.