MaxCompute provides project data protection to control how data moves across projects. Use the SQL statements in this document to enable protection, manage trusted projects, and verify your security configuration.
For all available security parameters, see Security parameters.
How it works
Project data protection restricts data access and transfer at the project level. The typical workflow is:
Enable project data protection on the current project. Once enabled, data access is limited to within the project, and data can only move to and from trusted projects.
Add trusted projects to allow controlled data transfer between specific projects.
Verify the configuration by listing trusted projects and viewing the security configuration.
Operations summary
| Operation | Required role | Supported platforms |
|---|---|---|
| Enable project data protection | Project owner or Super_Administrator | MaxCompute client only |
| Add a trusted project | MaxCompute client, DataWorks console, MaxCompute Studio | |
| Remove a trusted project | MaxCompute client, DataWorks console, MaxCompute Studio | |
| List trusted projects | Project owner, Super_Administrator, or Admin | MaxCompute client, DataWorks console, MaxCompute Studio |
| View security configurations | Project owner, Super_Administrator, or Admin | MaxCompute client, DataWorks console, MaxCompute Studio |
Enable project data protection
Project data protection limits data access to within the project. After you enable it, data can only transfer between the project and its trusted projects.
Required role: Project owner or Super_Administrator
Supported platform: MaxCompute client only
Syntax:
set ProjectProtection={True|False};Add a trusted project
Adding a trusted project allows data to flow between the current project and the specified project.
Syntax:
add trustedproject <project_name>;Parameter:
| Parameter | Required | Description |
|---|---|---|
project_name | Yes | The name of the trusted project to add. |
Remove a trusted project
Removing a trusted project stops data transfers between the current project and the specified project.
Syntax:
remove trustedproject <project_name>;Parameter:
| Parameter | Required | Description |
|---|---|---|
project_name | Yes | The name of the trusted project to remove. |
List trusted projects
Lists all trusted projects added to the current project.
Syntax:
list trustedprojects;View security configurations
Displays all security configuration properties of the current project, including whether project data protection is enabled.
Syntax:
show SecurityConfiguration;What's next
To learn about all available security parameters, see Security parameters.
To set up the MaxCompute client, see MaxCompute client.