Grant permissions to an account - Realtime Compute for Apache Flink

This topic describes how to grant permissions to an Alibaba Cloud account or a RAM user to perform operations such as draft development.

Background information

Fully managed Flink allows you to authorize other Alibaba Cloud accounts or RAM users to use the fully managed Flink service. If an Alibaba Cloud account or a RAM user is not granted the permissions to use fully managed Flink by the Alibaba Cloud account that purchases the fully managed Flink service, the Namespace List page is empty after you log on to the console of fully managed Flink by using the Alibaba Cloud account or as a RAM user. As a result, you cannot perform operations such as draft development.

The features that an Alibaba Cloud account or a RAM user can use vary based on the role that is assigned to the Alibaba Cloud account or RAM user. The following table describes the features that are supported by different roles.


Feature	Owner	Editor	viewer
View deployments	Y	Y	Y
Start and cancel a deployment	Y	Y	N
Modify deployment configurations	Y	Y	N
View resources	Y	Y	Y
Upload resources	Y	Y	N
Write SQL statements	Y	Y	N
Create a user-defined function (UDF)	Y	Y	N
Register metadata	Y	Y	N
View a deployment template	Y	Y	Y
Add, delete, and modify a deployment template	Y	N	N
Manage members of a workspace	Y	N	N

Grant permissions to the synchronization account

Create an Alibaba Cloud account or a RAM user.
- Go to the Sign up to Alibaba Cloud page and enter the information of the Alibaba Cloud account that you want to create.
- For more information about how to create a RAM user, see Create a RAM user.
Grant permissions to the Alibaba Cloud account or RAM user in the console of fully managed Flink.
1. Log on to the Realtime Compute for Apache Flink console.
2. On the Fully Managed Flink tab, find the workspace that you want to manage and click Console in the Actions column.
3. In the left-side navigation pane, click Security.
4. On the Members tab, click Add Member.
5. In the Add Member dialog box, configure the Role and Member Information parameters.
  - Role: For more information about the features that are supported by different roles, see Background information.
  - Member Information: The RAM users of your Alibaba Cloud account in the current instance are displayed after you click the Member Information field. You can select the required RAM user of your Alibaba Cloud account or enter the ID of another Alibaba Cloud account in the Member Information field.
    Note You can enter the ID of an Alibaba Cloud account or a RAM user for a fuzzy match.
    To query the ID of an Alibaba Cloud account, perform the following operations: In the upper-right corner of the Realtime Compute for Apache Flink console, move the pointer over the profile picture and click Basic Information.
    For more information about how to obtain the ID of a RAM user, see View the basic information about a RAM user group.
6. Click OK.
Log on to the console of fully managed Flink by using the newly created Alibaba Cloud account or as a RAM user.
For more information about how to log on to the Alibaba Cloud Management Console as a RAM user, see Log on to the Alibaba Cloud Management Console as a RAM user.
Important If you have logged on to the console of fully managed Flink by using the newly created Alibaba Cloud account or as a RAM user, you must log on to the console again by using the Alibaba Cloud account or as a RAM user after the Alibaba Cloud account or RAM user is authorized to use fully managed Flink. Otherwise, you cannot view project information.