Before using PAI dataset features, grant RAM users the permissions to manage datasets and access data storage services — Object Storage Service (OSS), Apsara File Storage NAS (NAS), and Cloud Parallel File Storage (CPFS).
Alibaba Cloud accounts have full permissions by default and require no additional authorization. RAM users require specific permissions before they can create or manage datasets.
Authorize a RAM user
Grant dataset management permissions
Add the RAM user to the workspace and assign the required role. For role permissions, see AI Asset Management. For instructions on adding RAM users to a workspace, see Manage members of a workspace.
Grant OSS type dataset permissions
To create OSS type datasets, the RAM user must have permissions to access the OSS bucket list. Complete the following steps:
Create a custom policy on the JSON tab using the following sample policy:
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "oss:ListBuckets",
        "oss:GetBucketStat",
        "oss:GetBucketInfo",
        "oss:GetBucketTagging",
        "oss:GetBucketLifecycle",
        "oss:GetBucketWorm",
        "oss:GetBucketVersioning",
        "oss:GetBucketAcl",
        "oss:PutObject",
        "oss:GetBucketCors",
        "oss:PutBucketCors"
      ],
      "Resource": "acs:oss:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "oss:ListObjects",
        "oss:GetBucketAcl"
      ],
      "Resource": "acs:oss:*:*:mybucket"
    },
    {
      "Effect": "Allow",
      "Action": [
        "oss:GetObject",
        "oss:GetObjectAcl"
      ],
      "Resource": "acs:oss:*:*:mybucket/*"
    }
  ]
}
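The following check is an added example, not part of the original documentation or of any Alibaba Cloud tooling. It parses the OSS sample policy above and lists each Allow entry that pairs a non-read action with a resource covering every bucket, so a reviewer can see what the policy grants beyond mybucket. The function names and the read-only prefix list are assumptions made for this example.

```python
import json

# OSS sample policy from this page, embedded so the check runs offline.
SAMPLE_POLICY = json.loads("""
{"Version": "1", "Statement": [
  {"Effect": "Allow",
   "Action": ["oss:ListBuckets", "oss:GetBucketStat", "oss:GetBucketInfo", "oss:GetBucketTagging",
              "oss:GetBucketLifecycle", "oss:GetBucketWorm", "oss:GetBucketVersioning",
              "oss:GetBucketAcl", "oss:PutObject", "oss:GetBucketCors", "oss:PutBucketCors"],
   "Resource": "acs:oss:*:*:*"},
  {"Effect": "Allow", "Action": ["oss:ListObjects", "oss:GetBucketAcl"],
   "Resource": "acs:oss:*:*:mybucket"},
  {"Effect": "Allow", "Action": ["oss:GetObject", "oss:GetObjectAcl"],
   "Resource": "acs:oss:*:*:mybucket/*"}
]}
""")

# Assumption: these operation-name prefixes mark read-only actions; every
# other action (Put*, Delete*, "*", ...) is treated as able to change data.
READ_PREFIXES = ("Get", "List", "Describe")


def as_list(value):
    """RAM policies accept a single string or a list for Action/Resource."""
    return value if isinstance(value, list) else [value]


def bucket_is_wildcard(resource):
    """True when the bucket part of acs:oss:<region>:<account>:<bucket>[/<key>] is '*'."""
    parts = resource.split(":", 4)
    return resource == "*" or (len(parts) == 5 and parts[4].split("/", 1)[0] == "*")


def broad_write_grants(policy):
    """Return (action, resource) pairs that allow a non-read action on every bucket."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for resource in filter(bucket_is_wildcard, as_list(stmt.get("Resource", []))):
            for action in as_list(stmt.get("Action", [])):
                if not action.split(":")[-1].startswith(READ_PREFIXES):
                    findings.append((action, resource))
    return findings


if __name__ == "__main__":
    for action, resource in broad_write_grants(SAMPLE_POLICY):
        print(f"review: {action} is allowed on {resource}")
```

For the sample policy it reports oss:PutObject and oss:PutBucketCors, both granted on acs:oss:*:*:*; the statements scoped to mybucket produce no findings.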
Grant NAS/CPFS type dataset permissions
To create NAS or CPFS type datasets, the RAM user must have permissions to access the NAS file system list, including querying file systems and protocol service information (CPFS only). Complete the following steps:
Create a custom policy on the JSON tab using the following sample policy:
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "nas:DescribeFileSystems",
        "nas:DescribeProtocolMountTarget",
        "nas:DescribeProtocolService"
      ],
      "Resource": "acs:nas:*:*:filesystem/*"
    }
  ]
}