All Products
Search

This Product

    MaxCompute:Grant built-in admin roles to users

    Document Center

    MaxCompute:Grant built-in admin roles to users

    Last Updated:Mar 26, 2026

    MaxCompute provides two built-in administrator roles: Super_Administrator and Admin. Assigning either role to a user grants them all permissions of that role at the project level, which is more efficient than granting individual permissions.

    Only the project owner can assign built-in administrator roles.

    Built-in role Scope Assigned by Assignment methods
    Super_Administrator Project-level Project owner MaxCompute client, DataWorks
    Admin Project-level Project owner MaxCompute client, DataWorks

    Prerequisites

    Before you begin, ensure that you have:

    • Owner access to the MaxCompute project

    • The RAM user to be assigned the role exists in the Alibaba Cloud account

    Assign a role by using the MaxCompute client

    The following example assigns the Super_Administrator role to RAM user Allen (RAM$Bob@aliyun.com:Allen), who belongs to the Alibaba Cloud account Bob@aliyun.com. The target project is test_project_a.

    1. Enter the project.

      USE test_project_a;

    2. Add the RAM user to the project.

      ADD USER RAM$Bob@aliyun.com:Allen;

    3. Grant the role to the RAM user.

      GRANT super_administrator TO RAM$Bob@aliyun.com:Allen;

    Assign a role by using DataWorks

    The following example assigns the Super_Administrator role to RAM user Allen (RAM$Bob@aliyun.com:Allen), who belongs to the Alibaba Cloud account Bob@aliyun.com. The target project is test_project_a.

    1. Go to the Workspace page of DataWorks. In the upper-left corner, select the target workspace from the drop-down list.

    2. Add the RAM user as a workspace member.

      1. In the left-side navigation pane, click Workspace Members and Roles to open the Workspace Members tab.

      2. In the upper-right corner, click Add Members.

      3. In the Add Members dialog box, select Allen from the Available Accounts section and click the rightwards arrow to move the user to the Selected Accounts section.

      4. Select roles for the member and click Confirm.

    3. Assign the Super_Administrator or Admin role to the RAM user.

      Note

      The following steps apply to the old-version DataWorks console. If you use the new-version console, see Manage user permissions in the MaxCompute console.

      1. In the left-side navigation pane, click MaxCompute Management.

      2. In the navigation tree, click Custom User Roles.

      3. Find the role to assign and click Manage Members in the Actions column. In the Manage Members dialog box, select Allen from the Available Accounts section and click the rightwards arrow to move the user to the Added Accounts section.

      4. Click Confirm.