Realtime Compute for Apache Flink: Permission management

Last Updated: Feb 22, 2024

To access the Realtime Compute for Apache Flink console, and to perform draft development and deployment O&M in a namespace in the console of fully managed Flink, you must be granted both RAM permissions and the permissions to perform operations in the namespace. This topic describes the use scenarios of these two permission types and the differences between them.

Permissions

Realtime Compute for Apache Flink allows you to log on to the Realtime Compute for Apache Flink console and perform draft development and deployment O&M by using an Alibaba Cloud account, a RAM user, a RAM role, or a member in a resource directory. If you use your Alibaba Cloud account to log on to the Realtime Compute for Apache Flink console and access resources that belong to the account, no authorization is required. If you use other methods to log on to the Realtime Compute for Apache Flink console, you must be granted the required permissions to use related features. The following table describes the differences between RAM permissions and the permissions to perform operations in a namespace.

| Permission type | Description | References |
| --- | --- | --- |
| RAM permissions | If you want to view a workspace and perform operations such as workspace purchase or resource reconfiguration in a workspace in the Realtime Compute for Apache Flink console as a RAM user, you must grant permissions to the RAM user. For example, you can attach the AliyunStreamFullAccess policy to the RAM user. If you do not grant permissions to the RAM user, an error message indicating that the RAM user does not have permissions appears. | Grant permissions to a RAM user |
| Permissions to perform operations in a namespace | If you want to perform operations such as draft development and deployment O&M in a namespace in the console of fully managed Flink, you must add an account, such as an Alibaba Cloud account, a RAM user, or a RAM role, as a member of the namespace. You can assign the owner, editor, or viewer role to the member that you add. | Authorize an account to perform operations in a namespace |

Note

Realtime Compute for Apache Flink supports different logon methods for accessing the console to perform draft development and deployment O&M. The principals (identities or accounts) that must be granted the required permissions may vary based on the logon method. For more information, see Authorization in different logon methods.

References

  • For more information about how to use different identities such as Alibaba Cloud accounts, RAM roles, and RAM users to access the Realtime Compute for Apache Flink console, see Supported logon methods.

  • For more information about the API operations related to RAM permission management, see Permission management.