In some cases, business analysts want to view tables in the production environment, but they do not need and are not allowed to view tasks in the production environment. You can use package-based authorization to grant the business analysts the permissions to view some tables of multiple production projects.
Scenario
You can create an analysis project for the business analysts who want to view tables
in the production environment but are not allowed to view tasks in the production
environment.
- Create packages in multiple production projects and add the tables that you want to open to the business analysts to these packages.
- Install the packages in the analysis project and grant the read permissions on these packages to the business analysts.
Procedure
- Create a package in a production project.
CREATE PACKAGE [pkgname] -- Create a package named prj_prod2bi. CREATE PACKAGE prj_prod2bi; - Add the resources that you want to share to the package in the production project.
ADD table [table_name] TO PACKAGE [Package name]; -- Add the adl_test_table table to the prj_prod2bi package. ADD table adl_test_table TO PACKAGE prj_prod2bi; - Enable the production project to allow an analysis project to use the package.
ALLOW PROJECT [Project in which the package is allowed to install] TO INSTALL PACKAGE [Package name]; -- Authorize the analysis project to use the prj_prod2bi package. ALLOW PROJECT PRJ_BI TO INSTALL PACKAGE prj_prod2bi; - Install the package in the analysis project.
INSTALL PACKAGE [Application name].[ Package name]; -- Install the package in the analysis project. INSTALL PACKAGE prj_prod.prj_prod2bi; - Grant the read permissions on the package to a specific user.
-- Grant the read permissions on the package to a specific user. GRANT read on package prj_prod2bi TO USER[Alibaba Cloud account]; -- Grant the read permissions on the package to a specific role. GRANT read on package prj_prod2bi TO ROLE[rolename];