All Products
Search

This Product

    MaxCompute:Project management

    Document Center

    MaxCompute:Project management

    Last Updated:Mar 01, 2026

    A project is the basic organizational unit in MaxCompute. It serves as the primary boundary for multi-user isolation and access control. From the MaxCompute console, grant permissions to team members, configure security policies, and adjust compute and storage properties.

    Prerequisites

    The following table lists the permissions required for each operation.

    OperationRequired permissions
    Create a projectAliyunMaxComputeFullAccess policy or the odps:CreateProject RAM permission. The project creator becomes the Super_Administrator by default and has full control over the project.
    Edit basic informationRAM permissions.
    Configure basic propertiesRAM permissions or the Super_Administrator role for the project.
    Perform data operationsObject-level permissions in the project. If you use the MaxCompute console or OpenAPI, RAM permissions are also required.
    Configure permission propertiesRAM permissions, or an administrative role (Super_Administrator, Admin, or a custom administrative permission).
    Configure IP whitelistRAM permissions, or an administrative role (Super_Administrator, Admin, or a custom administrative permission).
    Note

    An Alibaba Cloud account has permissions to create and configure projects by default. However, you must still grant permissions for data operations.

    Usage notes

    • Deletion is irreversible. Deleting a project permanently destroys all data and resources. Back up data before deleting a project.

    • Console scope. The console focuses on project-level management. To create data assets such as tables, resources, and UDFs, use a developer tool such as the MaxCompute client or DataWorks.

    • Administrative roles. The Super_Administrator and Admin roles have all or most permissions. Grant these roles with caution.

    Open the project management page

    1. Log on to the MaxCompute console and select a region in the top-left corner.

    2. In the left navigation pane, choose Manage Configurations > Projects.

    Create a project

    1. On the Projects page, click Create Project.

    2. In the Create Project dialog box, configure the project parameters. For details, see Project configuration parameters.

    3. Click OK.

    Edit a project

    1. On the Projects page, find the target project and click Manage in the Actions column.

    2. On the Project Settings page, click the Parameter Configuration tab.

    3. Edit the project parameters. For details, see Project configuration parameters.

    Follow a project

    1. On the Projects page, hover over the project name and click the image icon to Follow the project.

    2. The project appears in the My Following section on the Overview page.

    Delete a project

    1. On the Projects page, click Delete in the Actions column for the target project.

    2. In the Delete Project dialog box, select the Are you sure that you want to delete the MaxCompute project? checkbox and click OK.

    3. MaxCompute projects can only be Immediately Delete and Prohibit Project Restoration.

    Important

    • Permanent data loss. All tables and data are immediately and permanently deleted and cannot be restored. Data cleanup takes time proportional to the project size. If you try to recreate a project with the same name and receive an error that the project already exists, wait a few moments and try again.

    • Job failures. All jobs submitted to the project fail because the project no longer exists.

    • DataWorks impact. If a DataWorks workspace is attached to the project, detach it before deleting the project. Deleting the MaxCompute project directly causes errors in the associated DataWorks workspace.

    Freeze and restore a project

    Freeze a project

    Freezing stops the service. A frozen project prevents jobs from running and data from being queried. Data is retained, but storage fees continue to accrue. The project Status changes to Stopped.

    If your account has an overdue payment, renew your service to restore all frozen projects.

    On the Projects page, click Freeze in the Actions column for the target project.

    Restore a project

    Restoring resumes a stopped project. The project Status changes back to Normal.

    On the Projects page, click Restore in the Actions column for the target project.

    Manage tags

    Tags are a unified resource management tool from Alibaba Cloud for cost allocation, resource grouping, and automated O&M.

    Add a tag to a single project

    1. In the Tag column for the target project, hover over the Edit icon and click Edit.

    2. In the Configure Tags dialog box, enter a Tag Key and a Tag Value.

    3. Click OK. In the Configure Tags successfully dialog box, click Close.

    Add tags to multiple projects

    1. Select the target projects and click Batch Add Tag at the bottom of the page.

    2. In the Configure Tags dialog box, enter a Tag Key and a Tag Value.

    3. Click OK. In the Configure Tags successfully dialog box, click Close.

    Remove a tag from a single project

    1. In the Tag column for the target project, hover over the Edit icon and click Edit.

    2. In the Configure Tags dialog box, click the 删除 icon next to the tag to remove.

    3. Click OK. In the Configure Tags successfully dialog box, click Close.

    Remove tags from multiple projects

    1. Select the target projects and click Batch Remove Tag at the bottom of the page.

    2. In the Delete Tags for Multiple Resources dialog box, select the tags to remove.

    3. Click Detach x Tags (where x is the number of tags). In the Configure Tags successfully dialog box, click Close.

    Filter projects by tag

    On the Projects page, click Filter by Tag to filter by tag key and tag value.

    Manage project assets

    Enable schema support

    On the Projects page, find the target project and click Enable Schema in the Actions column.

    If this button is not displayed, the project already supports schemas.

    Share resources with packages

    Packages let you access resources across MaxCompute projects. They share tables, resources, and functions -- but not compute resources.

    A package involves a resource provider and a resource consumer.

    Create and share a package (resource provider)

    1. On the Projects page, find the target project and click Manage in the Actions column.

    2. On the Project Settings page, click the Package tab.

    3. Click Create Package.

    4. In the Create Package dialog box, enter a Package Name, select the Table, Resource, and Function objects to share, set the permissions, and click OK.

    5. On the Package tab, click Specify Project in the Actions column for the target package. In the Specify Project dialog box, enter the names of the projects allowed to install this package.

    Install a package (resource consumer)

    1. On the Project Settings page, click the Package tab.

    2. Click Install Package.

    3. In the Install Package dialog box, enter the Package Name in the format projectName.package_name and click OK. Only one package can be installed at a time.

    4. (Optional) Grant the package permissions to a role, then grant the role to a user. For details, see Manage user permissions in the console.

    For command-line instructions, see Access resources across projects based on packages.

    View tables, resources, UDFs, and periodic tasks

    On the Project Settings page, view the tables, resources, UDFs, and periodic tasks in the project.

    To create, modify, or delete these assets, use a developer tool such as the MaxCompute client (odpscmd) or DataWorks. For operation details, see Table operations, Resource operations, and UDF overview.

    Configure permissions

    Manage role permissions

    1. On the Project Settings page, click the Role Permissions tab.

    2. Click Create Project-level Role.

    3. In the Create Role dialog box, configure the role parameters and click OK.

    The following table lists the permissions available by object type.

    ObjectAvailable permissions
    TableDescribe, Select, Update, Alter, Drop, ShowHistory, Download
    ResourceRead, Write, Download, Delete
    FunctionRead, Write, Download, Execute, Delete
    PackageRead
    ProjectRead, Write, List, CreateTable, CreateInstance

    1. Select a project-level role and click Manage Members in the Actions column. Select the Alibaba Cloud account or RAM user, and click OK. If you cannot find the account by searching, add it in the Add Member section.

    View project members

    Users must be added to a project before they can receive permissions. On the Project Settings page, click the Project Member tab to view permission details for all project members.

    Next steps

    To start developing in your project, prepare a development environment and install the required tools. For details, see Select a connection tool.

    Project configuration parameters

    The following table describes all parameters available when creating or configuring a project in the console.

    Basic information

    ParameterDescriptionSet at creation
    Project Name (Globally Unique)Globally unique and cannot be changed after creation. Must start with a letter and can contain letters, digits, and underscores (_). Length: 3--28 characters.Yes
    Billing MethodChoose Subscription for long-term stable workloads with guaranteed compute resources. Choose Pay-as-you-go for short-term or testing workloads with flexible billing based on actual usage. Set the Default Quota -- all compute jobs without a specified quota use this value. For guidance on selecting a quota type, see Quota management. For usage logic, see Quota usage.Yes
    Default QuotaThe default compute quota for the project.Yes
    Total StorageThe current storage size of the project (logical storage size after compression).--

    Lifecycle configuration

    ParameterDescriptionSet at creation
    Data Retention LifecycleControls the lifecycle behavior for tables (odps.table.lifecycle). Optional: The Lifecycle clause is optional when creating a table. Tables without a lifecycle never expire. Mandatory: The Lifecycle clause is required when creating a table. Inherit: Tables without an explicit lifecycle inherit from odps.table.lifecycle.value (range: 1--37231 days, default: 37231).--
    Tiered Storage LifecycleDefines rules that trigger automatic conversion from Standard to Infrequent Access storage. Conversion triggers when either the Last Access Configuration Policy or the Last Modified Configuration Policy is met. For non-partitioned tables, the rule applies to the entire table. For partitioned tables, the rule applies to each partition independently. For details, see Automatic configuration through lifecycle rules.--

    Super administrator

    ParameterDescriptionSet at creation
    MemberView or edit members of the super_administrator role. A RAM user with the UpdateUsersToSuperAdmin permission can set members here. This has the same effect as managing members on the Role Permissions tab, but supports RAM permission verification. For details, see RAM permissions.--

    Basic properties

    ParameterDescriptionSet at creation
    Allow full table scan for partitioned tablesControls whether to allow full table scans (odps.sql.allow.fullscan). Full table scans consume large amounts of resources. Recommendation: keep this disabled.--
    Backup data retention periodRetention period for backup data in days (odps.timemachine.retention.days). During this period, you can restore data to any backed-up version. Range: 0--30. Default: 1. A value of 0 disables backups.--
    Data Type EditionThe data type version for the project. 1.0 data type: For early MaxCompute projects whose dependent components do not support 2.0. 2.0 data type: For projects with no historical data before April 2020 and components that support 2.0. Hive-compatible type: For projects migrated from Hadoop with components that support 2.0.Yes
    DECIMAL in MaxCompute V2.0Enable or disable the MaxCompute V2.0 Decimal data type (odps.sql.decimal.odps2).--
    Storage TypeMulti-zone Storage: Stores redundant data copies across multiple zones in the same region. Single-zone Storage: Stores redundant data copies on multiple devices within a single zone. Choose Multi-AZ storage for enterprise production data to protect against zone-level failures. For details, see Zone-disaster recovery. For storage specifications and billing, see Storage fees.Yes
    Storage EncryptionEnable storage encryption for the project. Key: MaxCompute Default Key or Bring-Your-Own-Key (BYOK). Algorithm: AES256, AESCTR, or RC4.Yes
    Default Tunnel QuotaThe default Data Transmission Service resource group used when no specific quota is specified. Default value: Default (public resource group). This setting cannot be changed in the console.--
    Authorized Tunnel QuotaAuthorizes all project users and roles to use the configured exclusive resource group for data read and write tasks without manual authorization. A project can have only one exclusive resource group.--
    Overlay Tunnel QuotaStacks an exclusive resource group with the Default resource group, increasing maximum concurrency to the sum of both groups' resources. A project can have only one exclusive resource group, but multiple projects can share the same one. For stacked usage, set the quota group to Default. To use the storage API, specify the exclusive resource group with the QuotaName format: ot_42854300324****_169821756****_p#ot_42854300324****_169821756****.
    Note

    Supported only in some regions, as shown in the console.

    		--
    Limit on Resources Consumed by Single SQL StatementMaximum consumption threshold for a single SQL query (odps.sql.metering.value.max). Unit: Scanned data (GB) x Complexity. Optional. Set this for pay-as-you-go billing to prevent unexpectedly high costs. Also configure real-time consumption monitoring and alerts. For details, see Consumption control.--
    Time ZoneThe time zone for the project (odps.sql.timezone). Affects time-related functions such as NOW() and GETDATE().--

    Permission properties

    ParameterDescriptionSet at creation
    ACL-based Access ControlEnable or disable ACL access control (CheckPermissionUsingACL). Default: enabled (true).--
    Policy-based Access ControlEnable or disable policy-based access control (CheckPermissionUsingPolicy). Default: enabled (true).--
    Perform Operations on Objects by Object CreatorGrant object creators access permissions to the objects they create (ObjectCreatorHasAccessPermission). Default: allowed.--
    Grant Permissions on Objects by Object CreatorGrant object creators authorization permissions for the objects they create (ObjectCreatorHasGrantPermission). Default: allowed.--
    Label-based Access ControlEnable or disable Label-based Access Control (LabelSecurity). Default: disabled.--
    Project Data ProtectionEnable or disable the data protection mechanism (ProjectProtection) to control data flow out of the project. When enabled, you can set an Exception or a Trusted Project.--
    Download PermissionEnable or disable download permission control (odps.security.enabledownloadprivilege).--
    Enable Project-level Tenant Resource Access ControlView tenant resources attached to the project. For details, see Project-level tenant resource access control.
    Note

    Preview only. Does not support enabling checks.

    		--

    IP address whitelist

    ParameterDescriptionSet at creation
    Internet and Cloud Product Interconnection Network IP AddressIP whitelist for the public network and interconnected cloud services. Only devices with listed IPs can access the project.
    Important

    If only this whitelist is configured, all VPC access is denied.

    		--
    VPC IP AddressesIP whitelist for VPC networks. Only devices with listed IPs can access the project.
    Important

    If only this whitelist is configured, all public network and interconnected cloud service access is denied.

    		--

    MaxCompute external network

    ParameterDescriptionSet at creation
    Available MaxCompute External Network AddressesAdd or delete public IP addresses, domain names, and ports for external access. For details, see Access the public network.--

    Intelligent optimization switch

    ParameterDescriptionSet at creation
    AutoMVAutomatically creates materialized views based on query patterns to improve compute efficiency and reduce redundant computations.Yes
    Maximum Storage for AutoMVUpper limit for storage resources that AutoMV can use. When exceeded, AutoMV stops writing data to materialized views. For details, see Manage the AutoMV switch and set the storage resource limit.Yes