A workspace is a basic unit in which different roles can be used for collaborative development. All development operations are performed in a specific workspace. If you want to use a RAM user or a RAM role for collaborative development, you must add the RAM user or RAM role to a workspace as a member and assign roles to the member based on your business requirements.
Background information
The following table describes the permissions of the built-in roles of E-MapReduce (EMR) Serverless Spark.
Item | Permission\Role | Guest
| DataScience
| DataEngineering
| Owner
|
| Views workflows and the states, versions, topologies, details, and configurations of workflows. | √ | √ | √ | √ |
Views the logs and output of a workflow node run and accesses the Spark UI. | √ | √ | √ | √ | |
| Creates workflows, including the association and deployment of topologies, nodes, and jobs. | - | - | √ | √ |
Deletes a workflow. | - | - | √ | √ | |
Creates nodes in a workflow. | - | - | √ | √ | |
Modifies workflow configurations. | - | - | √ | √ | |
Workflow management | Enables workflow scheduling. | - | - | √ | √ |
Disables workflow scheduling. | - | - | √ | √ | |
Runs a workflow. | - | - | √ | √ | |
Reruns a workflow node, forcibly sets the status of a workflow node to successful, and terminates a workflow node. | - | - | √ | √ | |
Queue management | Views the details of a queue. | √ | √ | √ | √ |
Adds a queue. | - | - | - | √ | |
Modifies a queue. For example, adjust the number of resources. | - | - | - | √ | |
Deletes a queue. | - | - | - | √ | |
Submits a queue for execution. | - | √ (Effective for dev_queue) | √ (Effective scope *) | √ (Effective scope *) | |
SQL session management | Views the details of an SQL session. | √ | √ | √ | √ |
Creates an SQL session. | - | - | √ | √ | |
Modifies an SQL session. | - | - | √ | √ | |
Deletes an SQL session. | - | - | √ | √ | |
Notebook session | Views the details of a notebook session. | √ | √ | √ | √ |
Creates a notebook session. | - | - | √ | √ | |
Modifies a notebook session. | - | - | √ | √ | |
Deletes a notebook session. | - | - | √ | √ | |
Gateway | Views the details of a gateway. | √ | √ | √ | √ |
Creates a gateway. | - | - | √ | √ | |
Modifies a gateway. | - | - | √ | √ | |
Deletes a gateway. | - | - | √ | √ | |
Creates, deletes, and updates the token of a gateway. | - | - | √ | √ |
Prerequisites
A workspace is created. For more information, see Manage workspaces.
A RAM user is created and granted the AliyunEmrServerlessSparkReadOnlyAccess, AliyunEMRServerlessSparkDeveloperAccess, or AliyunEMRServerlessSparkFullAccess permission. For more information, see Grant permissions to a RAM user.
Manage users
Add a user
Go to the Access Control page.
Log on to the EMR console.
In the left-side navigation pane, choose .
On the Spark page, find the desired workspace and click the name of the workspace.
In the left-side navigation pane of the EMR Serverless Spark page, choose .
On the User tab of the Access Control page, click Add User.
In the Add User dialog box, select a RAM user from the RAM User drop-down list and click OK.
You can select one or more RAM users.
Remove a user
On the User tab of the Access Control page, find the user that you want to remove and click Delete in the Actions column.
In the Remove User dialog box, click Remove.
Manage roles
If the permissions of existing roles cannot meet your business requirements, you can create a role and grant the required permissions to the role.
Create a role and grant permissions to the role
On the Role tab of the Access Control page, click Create Role.
In the dialog box that appears, configure the Role Name and Display Name parameters and click OK.
Click the name of the role that you created.
On the page that appears, click Add Authorization.
In the Add Authorization panel, select the required permissions in the Select Permissions section, click the right arrow to add the permissions to the Permissions Selected section, and then click OK.
Associate a user with a role
On the Role tab of the Access Control page, find the desired role and click Add User in the Actions column.
In the Add User dialog box, select the desired user from the User drop-down list and click OK.
Disassociate a user from a role
On the Role tab of the Access Control page, find the desired role and click Remove User in the Actions column.
In the Remove User dialog box, select the desired user from the User drop-down list and click OK.