DataWorks requires the AliyunServiceRoleForDataWorksScheduler service-linked role to manage trigger-based workflows. This role grants DataWorks the permissions needed to access EventBridge and OSS on your behalf.
Scenarios
Trigger-based workflows in DataWorks monitor Object Storage Service (OSS) events through EventBridge to trigger other workflows. To enable this, DataWorks requires the AliyunServiceRoleForDataWorksScheduler service-linked role to access EventBridge and OSS on your behalf.
DataWorks uses this role (AliyunServiceRoleForDataWorksScheduler) whenever you perform the following operations:
Create, update, delete, or roll back trigger configurations.
Attach triggers to workflows.
Role details
Service-linked role name:
AliyunServiceRoleForDataWorksScheduler.Associated system policy:
AliyunServiceRolePolicyForDataWorksScheduler.-
Permission description: The DataWorks scheduling service uses this role to access the following services on your behalf:
EventBridge: Create and manage event buses, event sources, event rules, and event streamings to support trigger-based workflow execution.
Object Storage Service (OSS): List buckets and objects to monitor OSS events that trigger workflows.
To view the full permission details, follow these steps:
Go to the Resource Access Management (RAM) console and choose .
-
Click the service-linked role name. On the Permissions tab, view the associated system policy:
{ "Effect": "Allow", "Action": [ "eventbridge:GetRule", "eventbridge:ListRules", "eventbridge:CreateRule", "eventbridge:DeleteRule", "eventbridge:DisableRule", "eventbridge:EnableRule", "eventbridge:UpdateRule", "eventbridge:GetEventBus", "eventbridge:ListEventStreamings", "eventbridge:DeleteEventStreaming", "eventbridge:PauseEventStreaming", "eventbridge:StartEventStreaming", "eventbridge:GetEventStreaming", "eventbridge:UpdateEventStreaming", "eventbridge:CreateEventStreaming", "eventbridge:CreateEventBus", "eventbridge:CreateEventSource", "eventbridge:DeleteEventSource", "oss:ListObjects", "oss:ListBuckets" ], "Resource": "*" }
Delete the service-linked role
You can delete this role only if you no longer use trigger-based workflows. If this role is deleted, the DataWorks scheduling service can no longer manage triggers. Before deleting the role, complete the following steps in order:
Unbind triggers from all published trigger-based workflows and republish the workflows.
Delete all triggers in trigger management. For more information, see Manage triggers.
After completing these steps, delete the service-linked role in the RAM console.