Data Management (DMS) implements access control on the task orchestration feature by using custom policies. For example, you can use a custom policy to specify whether a DMS user is allowed to create, publish and deploy, and update a task flow. This topic describes how to grant a DMS user the permissions to publish a task flow if you are a DMS administrator. The user is not the owner of the task flow.
Usage notes
The policy feature is rolled out in canary release mode. For more information about the policy feature, see Manage policies.
Prerequisites
You have the permissions to use the policy feature. If you do not have the required permissions, contact a DMS administrator to assign the DMS administrator role to your account. For more information, see the Modify a user section of the "Manage users" topic.
By default, DMS administrators have the permissions to manage policies.
Test environment in this example
A task flow named Task_orchestration_access_control_test is created by a DMS administrator. For more information about how to create a task flow, see the Step 1: Create a task flow section of the "Getting started" topic.
Procedure
Step 1: Add the DMS user to be authorized as a stakeholder of a task flow
- Log on to the DMS console V5.0.
Move the pointer over the
icon in the upper-left corner and choose . NoteIf you use the DMS console in normal mode, choose in the top navigation bar.
Click the name of the task flow that you want to manage.
On the task flow configuration page, click the Task Flow Information tab in the lower part of the page.
In the Properties section of the Task Flow Information tab, add the DMS user to be authorized as a stakeholder of the task flow. In this example, the DMS user to be authorized is
dmsuser_test.
Step 2: Create a policy as a DMS administrator
Move the pointer over the
icon in the upper-left corner and choose . NoteIf you use the DMS console in normal mode, choose in the top navigation bar.
This feature is rolled out in canary release mode.
On the Policy page, click Create Policy. On the Create Policy page, configure the Name and Remarks parameters in the Basic Information section. In this example, the policy name is
Allow Users to Publish Task Flows.Configure the content of the policy.
In this example, the policy is configured to allow DMS users to publish and deploy task flows.
The policy feature supports the following operations on task flows:
Publish and Deploy Task Flow: publishes task flows and deploys nodes in the task flows.
Unpublish Task Flow: unpublishes task flows.
Freeze Task Flow: freezes task flows. Frozen task flows cannot be scheduled.
Unfreeze Task Flow: unfreezes task flows. Unfrozen task flows can be scheduled again.
Update Task Flow Configurations: updates the configurations of task flows, such as scheduling configurations and variable configurations.
Update Task Flow: updates task flows, such as nodes and edges.
Create Node: adds nodes to task flows.
Delete Node: removes nodes from task flows.
For more information about how to configure a policy, see the Step 1: Create and configure a policy section of the "Manage policies" topic.
In the lower-left corner of the page, click Confirm.
Step 3: Attach the policy to the DMS user to be authorized
On the Policy page, find the policy that you want to manage and click Authorize in the Operation column.
In the Authorize dialog box, select Users or Role as Subject Type and select one or more DMS users or roles. In this example, the dmsuser_test user is selected.
A role refers to a custom role. After you attach a policy to a role, DMS users who assume this role are restricted by the policy.
Click OK.
After the policy that grants the permissions to publish and deploy task flows is attached to the
dmsuser_testuser, the user can publish task flows. For more information about how to publish a task flow, see Publish or unpublish a task flow.