A Resource Access Management (RAM) user needs explicit permissions to perform EMR Serverless Spark operations, such as creating, viewing, or deleting workspaces. This topic explains how to grant those permissions using the RAM console.
Prerequisites
Before you begin, ensure that you have:
A RAM user created. For more information, see Create a RAM user.
Choose a policy
Select the system policy that matches the RAM user's role:
AliyunEMRServerlessSparkFullAccess: Grants administrator permissions for EMR Serverless Spark, including permissions to create and delete workspaces. For more information, see AliyunEMRServerlessSparkFullAccess.
AliyunEMRServerlessSparkDeveloperAccess: Grants developer permissions for EMR Serverless Spark. Does not include permissions to create or delete workspaces. For more information, see AliyunEMRServerlessSparkDeveloperAccess.
AliyunEmrServerlessSparkReadOnlyAccess: Grants read-only permissions for EMR Serverless Spark, including access to the Spark service in read-only mode. For more information, see AliyunEmrServerlessSparkReadOnlyAccess.
Add permissions in the RAM console
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose Identities > Users.
On the Users page, find the target RAM user and click Add Permissions in the Actions column.
To grant permissions to multiple RAM users at once, select them and click Add Permissions at the bottom of the page.
In the Grant Permission panel, configure the following parameters.
Click Grant permissions.
Click Close.