Data Management (DMS) uses custom policies to control which operations a user can perform on a task flow. This lets a DMS administrator grant a non-owner user specific permissions—such as publishing or freezing a task flow—without transferring ownership.
This topic walks through a complete example: a DMS administrator grants a non-owner user (dmsuser_test) permission to publish and deploy the task flow Task_orchestration_access_control_test.
The policy feature is in canary release. For details, see Manage policies.
Prerequisites
Before you begin, ensure that you have:
-
The DMS administrator role, which is required to manage policies
If you don't have this role, ask a DMS administrator to assign it. See the Modify a user section of "Manage users."
DMS administrators have policy management permissions by default.
Controllable operations
A policy can grant or restrict the following operations on a task flow:
| Operation | What it does |
|---|---|
| Publish and deploy task flow | Publishes the task flow and deploys its nodes |
| Unpublish task flow | Unpublishes the task flow |
| Freeze task flow | Freezes the task flow; frozen task flows are not scheduled |
| Unfreeze task flow | Unfreezes the task flow so it can be scheduled again |
| Update task flow configurations | Updates scheduling settings and variable configurations |
| Update task flow | Modifies the task flow structure, including nodes and edges |
| Create node | Adds a node to the task flow |
| Delete node | Removes a node from the task flow |
Grant a user permission to publish a task flow
The following three-step process shows how to grant dmsuser_test permission to publish and deploy a task flow. The task flow (Task_orchestration_access_control_test) was created by a DMS administrator. To create a task flow, see Step 1: Create a task flow in "Getting started."
Step 1: Add the user as a stakeholder of the task flow
-
Log in to the DMS console V5.0.
-
Move your pointer over the
icon in the upper-left corner and choose All Features > Data+AI > Data Development > Task Orchestration.In normal mode, choose Data+AI > Data Development > Task Orchestration in the top navigation bar.
-
Click the name of the task flow you want to manage.
-
On the task flow configuration page, click the Task Flow Information tab at the bottom.
-
In the Properties section, add
dmsuser_testas a stakeholder of the task flow.
Step 2: Create a policy
-
Move your pointer over the
icon in the upper-left corner and choose All Features > Security and Specifications (DBS) > Permission Center > Policy.In normal mode, choose Security and Specifications > Permission Center > Policy in the top navigation bar.
-
On the Policy page, click Create Policy.
-
In the Basic Information section, fill in the Name and Remarks fields. For this example, set the name to
Allow Users to Publish Task Flows. -
In the policy content section, enable the Publish and Deploy Task Flow operation. For full configuration instructions, see Step 1: Create and configure a policy in "Manage policies."
-
Click Confirm in the lower-left corner.
Step 3: Attach the policy to the user
-
On the Policy page, find your policy and click Authorize in the Operation column.
-
In the Authorize dialog box, set Subject Type to Users or Role, then select the target user or role. For this example, select
dmsuser_test.A role here refers to a custom role. Attaching a policy to a role restricts all DMS users who assume that role.
-
Click OK.
dmsuser_test can now publish and deploy the task flow. For instructions, see Publish or unpublish a task flow.