DataWorks allows the administrators of a workspace to manage the development behaviors of users and perform operations related to data development processes, data security, and auditing in DataStudio. This topic describes how administrators can perform management on data development processes, which can help you quickly have a command of the features of DataStudio.
Background information
The administrators of a workspace refer to the users that are assigned the Workspace Administrator or Workspace Owner role. The administrators have full permissions in the workspace and can perform operations on all DataWorks services. For more information about the permissions of roles, see Permissions of workspace-level roles.
Management items
DataStudio supports the following types of management items:
Different DataWorks editions may support different management features. You can refer to the related topic for the management features if you want to use a specific DataWorks edition. For more information about DataWorks editions, see Differences among DataWorks editions.
Process management and operation check
The following table describes the features that you can use to check and manage a data development process.
Feature | Description | References |
Management of permissions to develop and deploy nodes | You can use this feature to assign different roles to users. This way, you can control the permissions of users.
| |
Forcible code review | You can use the forcible code review feature to ensure the code quality of your nodes. After the forcible code review feature is enabled, a node can be deployed only after the code of the node is approved by the specified reviewer. Note You can control the priorities of baselines on which the forcible code review feature takes effect. This helps control the code quality of nodes that are associated with baselines with high priorities. This way, these nodes can run as expected and do not block other nodes. | |
Forcible smoke testing |
| |
Check process blocking based on checkpoints in extensions | You can verify related extensions or check items before you commit or deploy a node in a workspace.
| Extensions in DataWorks Open Platform Check items for data governance Data Modeling: intelligent data modeling service |
By default, nodes in a workspace in standard mode can be deployed to only the same workspace. If you want to deploy nodes across workspaces or clouds, you can deploy the nodes on the Deploy page.
Data security management
You can use the features described in the following table to manage data security in a workspace.
Feature | Description | References |
Data masking | You can specify whether to mask sensitive data. After you enable the data masking feature, if the results returned for a query in DataWorks hit a specified data masking rule, DataWorks masks sensitive information in the query results based on the rule. Note
| |
Data download | You can use this feature to specify whether to allow developers to download query results to an on-premises machine. | -- |
Control for read and write permissions on data sources | You can use this feature to specify whether to allow developers to modify the configurations of a data synchronization node. | Create a request processing policy for Data Integration nodes |
Object permission approval | You can customize processing policies for permissions on MaxCompute tables, resources, and functions. Note You can specify the data range in which a processing policy can apply based on a MaxCompute project or data categorization and sensitivity level classification in Data Security Guard.
| |
Other features | You can manage other security operations that are related to a MaxCompute project. For example, you can perform ACL-based authorization, allow object creators to grant permissions on objects to other users, perform policy-based authorization, and perform column-level access control. | Advanced configurations that are related to MaxCompute |
Operation auditing
You can view operation logs, restore data, and perform auditing operations by using DataStudio.
View operation logs.
Operation
Description
References
View operation records
You can view the records of various operations, such as batch operations, commit operations for a single node, workflow, or table, downloads for query results, and deletion of nodes. This way, you can quickly understand the changes in data.
Operation records
Query audit logs that are generated for user behavior events in ActionTrail
You can query audit logs generated in ActionTrail for operations that are performed in DataWorks. For example, you can query the audit logs of data downloads.
NoteDataWorks is integrated into ActionTrail. You can query the audit logs that are generated in ActionTrail for DataWorks behavior events of your Alibaba Cloud account over the last 90 days. You can use ActionTrail to deliver the events to a Logstore in Simple Log Service or a specific Object Storage Service (OSS) bucket for monitoring and alerting. This way, you can audit the events and trace and analyze issues at the earliest opportunity.
Mask data and trace leaked data
To prevent the leakage of important files, you can configure data masking rules for important data in Data Security Guard and trace the leaked data based on the watermark information about the data in a leaked data file.
NoteRAM users to which the Workspace Administrator or Security Manager role is assigned and RAM users to which the
AliyunDataWorksfullAccess
policy is attached can create a custom data masking rule in Data Security Guard.Audit permissions on a MaxCompute table
You can go to the Permission Audit tab of the Data Access Control page in Security Center and view the IDs of owners who are granted permissions on tables, the details of the permissions, and the validity period of the permissions. You can also revoke the permissions on tables based on your business requirements on the Permission Audit tab.
Restore data.
Operation
Description
References
Restore nodes
DataWorks allows you to restore nodes that are recently deleted from the recycle bin in DataStudio.
NoteAfter a deleted node is restored, the system generates a new ID for the node.
Compare and roll back node versions
You can compare node or workflow versions or roll back the version of a node or workflow to the required version after you click Versions in the left-side navigation pane of a node configuration tab or workflow editing tab.