A Resource Access Management (RAM) user needs explicit permissions to perform EMR Serverless Spark operations, such as creating, viewing, or deleting workspaces. This topic explains how to grant those permissions using the RAM console.
Prerequisites
Before you begin, ensure that you have:
A RAM user created. For more information, see Create a RAM user.
Choose a policy
Select the system policy that matches the RAM user's role:
AliyunEMRServerlessSparkFullAccess: Grants administrator permissions for EMR Serverless Spark, including permissions to create and delete workspaces. For more information, see AliyunEMRServerlessSparkFullAccess.
AliyunEMRServerlessSparkDeveloperAccess: Grants developer permissions for EMR Serverless Spark. Does not include permissions to create or delete workspaces. For more information, see AliyunEMRServerlessSparkDeveloperAccess.
AliyunEmrServerlessSparkReadOnlyAccess: Grants read-only permissions for EMR Serverless Spark, including access to the Spark service in read-only mode. For more information, see AliyunEmrServerlessSparkReadOnlyAccess.
Add permissions in the RAM console
Log on to the RAM console as a RAM administrator.
In the left-side navigation pane, choose Identities > Users.
On the Users page, find the target RAM user and click Add Permissions in the Actions column.
To grant permissions to multiple RAM users at once, select them and click Add Permissions at the bottom of the page.
In the Grant Permission panel, configure the following parameters.
Parameter Description Resource Scope Select Account to apply permissions across the entire Alibaba Cloud account, or select ResourceGroup to apply permissions to a specific resource group. Principal The RAM user to receive the permissions. The current RAM user is pre-selected. Add other RAM users if needed. Policy Under System Policy, select the policy identified in Choose a policy. Click Grant permissions.
Click Close.