When a data shipping job of the new version is running to ship data to MaxCompute, the job must read data from a source Logstore. To meet the requirement, you can assign a custom role to the data shipping job. This topic describes how to grant permissions to a custom role.
Prerequisites
A Resource Access Management (RAM) role named MaxcomputeShipRole is created. For more information, see Create a RAM role.
Procedure
After you grant a RAM role the permissions to read data from a Logstore, you can assign the RAM role to a data shipping job to read data from the Logstore.
- Log on to the RAM console.
- Create a policy that specifies the permissions to read data from a Logstore.
- Attach the policy to the RAM role.
- In the left-side navigation pane, choose .
- Find the RAM role to which you want to attach the policy and click Add Permissions in the Actions column.
- Click Custom Policy in the Select Policy section, select the policy that you created in 2, and then click OK. In this example, the log-maxcompute-export-source-policy policy is selected.
- Confirm the authorization result and click Complete.
After you configure the settings, you can assign the custom RAM role to a data shipping job of the new version to read data from the source Logstore. If you create a data shipping job of the new version, set the Authorization of MaxCompute Write Permission parameter to Custom Role and enter the Alibaba Cloud Resource Name (ARN) of the custom RAM role. In this example, acs:ram::10****12:role/maxcomputeshiprole is used. For information about how to obtain the ARN of a RAM role, see View the information about a RAM role.