DataWorks provides the following built-in workspace-level roles: Project Owner, Workspace Manager, Data Analyst, Development, O&M, Deploy, Visitor, Safety Manager, and Model Developer. This topic describes the permissions of these roles.
DataWorks provides built-in workspace-level roles. The following table describes
the roles.
The tables in the following sections describe the permissions of different built-in
workspace-level roles on service modules. In the tables, Yes indicates that a role
has the specified permission, and No indicates that a role does not have the specified
permission.
| Role | Description |
|---|---|
| Project Owner | This role has all permissions on a workspace. In most cases, the owner of a workspace is an Alibaba Cloud account. For example, the Project Owner role can assign a role to a RAM user and remove a member that is not the owner of a workspace from the workspace. |
| Workspace Manager | This role has all permissions of the Development and O&M roles. This role can also perform the following operations. For example, add a user to a workspace as a member, remove a member from a workspace, or create a custom resource group. |
| Data Analyst | This role has permissions only on DataAnalysis. For more information about DataAnalysis, see Overview. |
| Development | This role has permissions to perform design and maintenance operations on the DataStudio page of a workspace. |
| O&M | This role has permissions to manage the execution of and perform the required operations on all nodes in a workspace in Operation Center. |
| Deploy | This role has permissions to review the code of a node and determine whether to commit the node to Operation Center in a workspace in standard mode. |
| Visitor | This role has read-only permissions on workflows and code on the DataStudio page of a workspace. |
| Safety Manager | This role has permissions only on Data Security Guard. For more information about Data Security Guard, see Overview. |
| Model Developer | This role has permissions to view models and modify parameter configurations in the Data Warehouse Planning, Data Standard, Dimensional Modeling, and Data Metric modules. This role has no permission to publish models. |
- Data management
- Deployment management
- Button control
- Code development
- Function development
- Node type selection
- Resource management
- Workflow development
- Data Integration
- Data Modeling
- DataAnalysis
Data management
| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
|---|---|---|---|---|---|---|---|---|---|
| Delete a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| Configure a category for a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| View a favorite table | Yes | Yes | No | Yes | No | No | No | No | No |
| Create a table | Yes | Yes | No | Yes | No | No | No | No | No |
| Show a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| Modify the schema of a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| View a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| View the content of a self-submitted permission request | Yes | Yes | No | Yes | No | No | No | No | No |
| Hide a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| Configure the time to live (TTL) for a self-created table | Yes | Yes | No | Yes | No | No | No | No | No |
| Request permissions on a table created by other users | Yes | Yes | No | Yes | No | No | No | No | No |
| Update a table in the development environment | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Delete a table in the development environment | Yes | Yes | No | Yes | No | No | No | No | No |
| Preview data | Yes | Yes | No | Yes | Yes | Yes | Yes | Yes | No |
Deployment management
| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
|---|---|---|---|---|---|---|---|---|---|
| Create a deployment task | Yes | Yes | No | Yes | Yes | No | No | No | No |
| View the list of deployment tasks | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Delete a deployment task | Yes | Yes | No | Yes | Yes | No | No | No | No |
| Run a deployment task | Yes | Yes | No | No | Yes | Yes | No | No | No |
| View the content of a deployment task | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
Button control
| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
|---|---|---|---|---|---|---|---|---|---|
| Stop | Yes | Yes | No | Yes | No | No | No | No | No |
| Format | Yes | Yes | No | Yes | No | No | No | No | No |
| Edit | Yes | Yes | No | Yes | No | No | No | No | No |
| Run | Yes | Yes | No | Yes | No | No | No | No | No |
| Zoom in | Yes | Yes | No | Yes | No | No | No | No | No |
| Save | Yes | Yes | No | Yes | No | No | No | No | No |
| Show/Hide | Yes | Yes | No | Yes | No | No | No | No | No |
| Delete | Yes | Yes | No | Yes | No | No | No | No | No |
Code development
| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
|---|---|---|---|---|---|---|---|---|---|
| Save and commit the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| View the code of a node | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Write the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Delete the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| View the code of nodes | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Run the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Modify the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Download a file | Yes | Yes | No | No | No | No | No | No | No |
| Upload a file | Yes | Yes | No | Yes | No | No | No | No | No |
Function development
| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
|---|---|---|---|---|---|---|---|---|---|
| View details of a function | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Create a function | Yes | Yes | No | Yes | No | No | No | No | No |
| Query a function | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Delete a function | Yes | Yes | No | Yes | No | No | No | No | No |
Node type selection
| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
|---|---|---|---|---|---|---|---|---|---|
| PAI | Yes | Yes | No | Yes | No | No | No | No | No |
| ODPS MR | Yes | Yes | No | Yes | No | No | No | No | No |
| Data Synchronization | Yes | Yes | No | Yes | No | No | No | No | No |
| SQL | Yes | Yes | No | Yes | No | No | No | No | No |
| XLIB | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Shell | Yes | Yes | No | Yes | No | No | No | No | No |
| Zero load | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| script_seahawks | Yes | Yes | No | Yes | No | No | No | No | No |
| dtboost_analytic | Yes | Yes | No | Yes | No | No | No | No | No |
| dtboost_recommend | Yes | Yes | No | Yes | No | No | No | No | No |
| PyODPS | Yes | Yes | No | Yes | No | No | No | No | No |
| AnalyticDB for PostgreSQL | Yes | Yes | No | Yes | No | No | No | No | No |
| AnalyticDB for MySQL | Yes | Yes | No | Yes | No | No | No | No | No |
| HTTP Trigger | Yes | Yes | No | Yes | No | No | No | No | No |
Resource management
| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
|---|---|---|---|---|---|---|---|---|---|
| View the list of resources | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Delete a resource | Yes | Yes | No | Yes | No | No | No | No | No |
| Create a resource | Yes | Yes | No | Yes | No | No | No | No | No |
| Upload a JAR file | Yes | Yes | No | Yes | No | No | No | No | No |
| Upload a TXT file | Yes | Yes | No | Yes | No | No | No | No | No |
| Upload a file as an archive-type resource | Yes | Yes | No | Yes | No | No | No | No | No |
Workflow development
| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
|---|---|---|---|---|---|---|---|---|---|
| Run or stop a workflow | Yes | Yes | No | Yes | No | No | No | No | No |
| Save a workflow | Yes | Yes | No | Yes | No | No | No | No | No |
| View a workflow | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Commit the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Modify a workflow | Yes | Yes | No | Yes | No | No | No | No | No |
| View the list of workflows | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Change the owner of a workflow | Yes | Yes | No | No | No | No | No | No | No |
| View the code of a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Delete a workflow | Yes | Yes | No | Yes | No | No | No | No | No |
| Create a workflow | Yes | Yes | No | Yes | No | No | No | No | No |
| Create a folder | Yes | Yes | No | Yes | No | No | No | No | No |
| Delete a folder | Yes | Yes | No | Yes | No | No | No | No | No |
| Modify a folder | Yes | Yes | No | Yes | No | No | No | No | No |
Data Integration
| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
|---|---|---|---|---|---|---|---|---|---|
| Edit a node | Yes | Yes | No | Yes | No | No | No | No | No |
| View a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Delete a node | Yes | Yes | No | Yes | No | No | No | No | No |
| Access the menu for managing data synchronization resources | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| View the list of resource groups for data synchronization | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Create a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| View the list of Elastic Compute Service (ECS) instances in a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Add an ECS instance to a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Remove an ECS instance from a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Modify an ECS instance in a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Obtain the AccessKey pair for accessing a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Delete a resource group for data synchronization | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Monitor resource consumption | Yes | Yes | No | No | No | No | No | No | No |
| Change the resource group for nodes in Operation Center | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Access the menu for managing synchronization nodes | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Convert a node to a script | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Obtain the list of members in a project | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for writing the code of a node | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for saving or updating the code of a node | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for obtaining the code of a node based on the file ID | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Obtain the list of Data Integration nodes | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for querying a table | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for querying a field | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for querying a data source | Yes | Yes | No | Yes | Yes | Yes | Yes | No | No |
| Call the API operation for creating a data source | Yes | Yes | No | No | Yes | No | No | No | No |
| Call the API operation for querying the details of a data source | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Call the API operation for updating a data source | Yes | Yes | No | No | Yes | No | No | No | No |
| Call the API operation for deleting a data source | Yes | Yes | No | No | Yes | No | No | No | No |
| Test connectivity | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Preview data | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Check whether Tablestore Stream is activated | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Activate Tablestore | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Query a statement used to create a MaxCompute table | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Create a MaxCompute table | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Query the creation status of a MaxCompute table | Yes | Yes | No | Yes | Yes | Yes | No | No | No |
| Migrate a database table | Yes | Yes | No | No | No | No | No | No | No |
Data Modeling
| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
|---|---|---|---|---|---|---|---|---|---|
| View a model | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Edit a model | Yes | Yes | No | Yes | Yes | No | No | No | Yes |
| Publish a model | Yes | Yes | No | No | Yes | No | No | No | No |
DataAnalysis
| Permission | Project Owner | Workspace Manager | Data Analyst | Development | O&M | Deploy | Visitor | Safety Manager | Model Developer |
|---|---|---|---|---|---|---|---|---|---|
| View the DataAnalysis page | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Use DataAnalysis | Yes | Yes | Yes | Yes | Yes | Yes | No | Yes | Yes |
Note By default, a custom role does not have the permissions that are granted to the Data Analyst role. If you want to use DataAnalysis by assuming the custom role, you can ask the
user that is assigned the Workspace Manager role to assign the Data Analyst role to you. For more information about how to assign a role to a workspace member,
see Manage workspace-level roles and members. For more information about custom roles, see Permissions of workspace-level roles.