DataWorks workspace members obtain engine resource permissions through different methods depending on the data source type. This page explains the permission model for each supported engine.
Prerequisites
-
You are familiar with DataWorks workspace properties. Differences between workspace modes.
-
You understand how engine environments map to DataWorks module operations. Mapping between engine environments and DataWorks module operations.
Data sources and data permission control
Permission models vary by engine type.
|
Data source type |
Permission description |
Related topics |
|
MaxCompute engine |
Preset roles DataWorks workspace-level roles map to MaxCompute engine roles. RAM users with preset workspace roles inherit the permissions of the mapped development engine roles.
Custom roles When you create a custom role and map it to a MaxCompute engine role, the custom role inherits the permissions of that engine role. |
|
|
EMR cluster |
Configure cluster account mappings for workspace members to grant them the permissions of the mapped cluster accounts. |
|
|
CDH/CDP cluster |
Configure mappings between workspace members and Linux or Kerberos accounts to grant cluster permissions. |
|
|
Hologres |
Hologres uses its own authorization policy. After you create a workspace and a Hologres data source, grant engine permissions to workspace members following the Hologres permission model. |
|
|
Other engines |
Permissions are determined by the account configured as the engine access identity when you create the data source. Note
|
- |