ALIYUN::MaxCompute::Role - Resource Orchestration Service

ALIYUN::MaxCompute::Role is used to create a role at the MaxCompute project level.

Syntax

{
  "Type": "ALIYUN::MaxCompute::Role",
  "Properties": {
    "ProjectName": String,
    "RoleName": String,
    "Type": String,
    "Acl": Map,
    "Policy": Map
  }
}

Properties

Property	Type	Required	Editable	Description	Constraint
ProjectName	String	Yes	No	The project name.	None.
RoleName	String	Yes	No	The role name.	None.
Type	String	Yes	No	The role type.	Valid values: Resource Admin
Acl	Map	No	Yes	The information about the access control list (ACL)-based access control for the role.	For more information, see Acl properties.
Policy	Map	No	Yes	The information about the policy-based access control for the role.	None.

Acl syntax

"Acl": {
  "Function": List,
  "Project": List,
  "Table": List,
  "Instance": List,
  "Resource": List,
  "Package": List
}

Acl properties

Property	Type	Required	Editable	Description	Constraint
Function	List	No	Yes	The functions.	None.
Instance	List	No	Yes	The instances.	None.
Project	List	No	Yes	The projects.	None.
Package	List	No	Yes	The packages.	None.
Resource	List	No	Yes	The resources.	None.
Table	List	No	Yes	The tables.	None.

Function syntax

"Function": [
  {
    "Actions": List,
    "Name": String
  }
]

Function properties

Property

Type

Required

Editable

Description

Constraint

Name

String

Yes

The function name.

None.

Actions

List

The function operations.

Valid values:

All
Read
Write
Download
Execute
Delete

Project syntax

"Project": [
  {
    "Actions": List,
    "Name": String
  }
]

Project properties

Property

Type

Required

Editable

Description

Constraint

Name

String

Yes

The project name.

None.

Actions

List

The project operations.

Valid values:

All
Read
Write
List
CreateTable
CreateInstance

Table syntax

"Table": [
  {
    "Actions": List,
    "Name": String
  }
]

Table properties

Property

Type

Required

Editable

Description

Constraint

Name

String

Yes

The table name.

None.

Actions

List

The table operations.

Valid values:

All
Describe
Select
Update
Alter
Drop
ShowHistory
Download

Instance syntax

"Instance": [
  {
    "Actions": List,
    "Name": String
  }
]

Instance properties

Property	Type	Required	Editable	Description	Constraint
Name	String	Yes	No	The instance name.	None.
Actions	List	No	No	The instance operations.	None.

Resource syntax

"Resource": [
  {
    "Actions": List,
    "Name": String
  }
]

Resource properties

Property

Type

Required

Editable

Description

Constraint

Name

String

Yes

The resource name.

None.

Actions

List

The resource operations.

Valid values:

All
Read
Write
Download
Delete

Package syntax

"Package": [
  {
    "Actions": List,
    "Name": String
  }
]

Package properties

Property	Type	Required	Editable	Description	Constraint
Name	String	Yes	No	The package name.	None.
Actions	List	No	No	The package operations.	Set the value to Read.

Return values

Fn::GetAtt

RoleName: the role name.
ProjectName: the project name.

Examples

YAML

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  RoleName:
    Type: String
    Description:
      en: The name of the project role
    Required: true
  Type:
    Type: String
    Description:
      en: |-
        Role types, MaxCompute provides administrator roles and resource roles. Valid values:
        Admin: You can grant management-related permissions to administrator roles by using policies instead of access control lists (ACLs). You cannot grant resource-related permissions to administrator roles.
        Resource: You can grant resource-related permissions but not management-related permissions to resource roles.
    AllowedValues:
      - Admin
      - Resource
    Required: true
  ProjectName:
    Type: String
    Description:
      en: The name of the MaxCompute project.
    Required: true
Resources:
  ExtensionResource:
    Type: ALIYUN::MaxCompute::Role
    Properties:
      RoleName:
        Ref: RoleName
      Type:
        Ref: Type
      ProjectName:
        Ref: ProjectName
Outputs:
  RoleName:
    Description: The name of the project role.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - RoleName
  ProjectName:
    Description: The name of the MaxCompute project.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ProjectName

JSON

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "RoleName": {
      "Type": "String",
      "Description": {
        "en": "The name of the project role"
      },
      "Required": true
    },
    "Type": {
      "Type": "String",
      "Description": {
        "en": "Role types, MaxCompute provides administrator roles and resource roles. Valid values:\nAdmin: You can grant management-related permissions to administrator roles by using policies instead of access control lists (ACLs). You cannot grant resource-related permissions to administrator roles.\nResource: You can grant resource-related permissions but not management-related permissions to resource roles."
      },
      "AllowedValues": [
        "Admin",
        "Resource"
      ],
      "Required": true
    },
    "ProjectName": {
      "Type": "String",
      "Description": {
        "en": "The name of the MaxCompute project."
      },
      "Required": true
    }
  },
  "Resources": {
    "ExtensionResource": {
      "Type": "ALIYUN::MaxCompute::Role",
      "Properties": {
        "RoleName": {
          "Ref": "RoleName"
        },
        "Type": {
          "Ref": "Type"
        },
        "ProjectName": {
          "Ref": "ProjectName"
        }
      }
    }
  },
  "Outputs": {
    "RoleName": {
      "Description": "The name of the project role.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "RoleName"
        ]
      }
    },
    "ProjectName": {
      "Description": "The name of the MaxCompute project.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ProjectName"
        ]
      }
    }
  }
}