All Products
Search

This Product

    MaxCompute:List of security parameters

    Document Center

    MaxCompute:List of security parameters

    Last Updated:Mar 26, 2026

    MaxCompute project owners can configure security parameters to control access, permissions, and data flow at the project level. Each parameter is an independent toggle — changing one does not affect the others.

    View the current configuration

    Before changing any parameter, check the current state of your project's security configuration:

    show SecurityConfiguration;

    The output lists each parameter with its current value.

    Parameters

    The following parameters can be set by the project owner or a user assigned the project-level Super_Administrator role, using either the MaxCompute client or the DataWorks console.

    CheckPermissionUsingACL

    Controls whether ACL-based access control is enforced when evaluating access requests.

    set CheckPermissionUsingACL={true|false};
    Value Effect
    true Access Control List (ACL) permissions are checked for every access request.
    false ACL permissions are not checked.

    Default: true

    CheckPermissionUsingPolicy

    Controls whether policy-based access control is enforced when evaluating access requests.

    set CheckPermissionUsingPolicy={true|false};
    Value Effect
    true Policy permissions are checked for every access request.
    false Policy permissions are not checked.

    Default: true

    ObjectCreatorHasAccessPermission

    Controls whether the user who creates an object automatically has access to that object.

    set ObjectCreatorHasAccessPermission={true|false};
    Value Effect
    true Object creators can access the objects they create.
    false Object creators have no automatic access to the objects they create.

    Default: true

    ObjectCreatorHasGrantPermission

    Controls whether the user who creates an object can grant permissions on that object to other users.

    set ObjectCreatorHasGrantPermission={true|false};
    Value Effect
    true Object creators can grant permissions on their objects to other users.
    false Object creators cannot grant permissions on their objects to other users.

    Default: true

    LabelSecurity

    Controls whether label-based access control is enforced.

    Set LabelSecurity={true|false};
    Value Effect
    true Label-based access control is enforced.
    false Label-based access control is disabled.

    Default: false

    ProjectProtection

    Controls whether data can flow out of the project to other MaxCompute projects. Enable project data protection to prevent unauthorized data export across project boundaries.

    set ProjectProtection={true|false};
    Value Effect
    true Project data protection is enabled. Data outflow to other projects is restricted.
    false Data can flow freely to other projects.

    Default: Not documented. Check your project's current value using show SecurityConfiguration; before changing this setting.

    What's next