This topic describes how to create, update, and delete a data lake connection, and how to grant other users permissions to use it.
This feature is in invitation-only preview. To enable it, submit a ticket.
Overview
A data lake connection (CONNECTION) hosts access credentials for cloud services. You can delegate access to external storage through a connection for scenarios such as data discovery and querying external tables. The connection is encrypted and stored securely in the metadata service. Users with the Connection_Admin or Connection_User role can manage and use the corresponding connections. When you use a connection to access cloud services, you no longer need to expose authentication information, such as AccessKey IDs and AccessKey secrets, in plaintext.
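The plaintext exposure that a connection removes can be checked for in existing external-table DDL before migrating. The following Python scanner is an added example, not code from the MaxCompute documentation. It assumes that AccessKey IDs start with `LTAI` and that legacy OSS locations embed credentials as `oss://<AccessKey ID>:<AccessKey secret>@<endpoint>/...`; the sample DDL and every key in it are constructed.

```python
import re

# Assumption: Alibaba Cloud AccessKey IDs begin with "LTAI"; the length range is a heuristic.
AK_ID = re.compile(r"\bLTAI[0-9A-Za-z]{12,26}\b")
# Assumption: legacy LOCATION form oss://<AccessKey ID>:<AccessKey secret>@<endpoint>/<bucket>/...
EMBEDDED = re.compile(r"oss://(?P<ak>[^:/@\s'\"]+):(?P<sk>[^@/\s'\"]+)@", re.IGNORECASE)


def redact(value, keep=4):
    """Keep a short prefix so a finding can be matched to a key without re-leaking it."""
    return value[:keep] + "*" * max(len(value) - keep, 0)


def scan_ddl(text):
    """Return (line_no, kind, redacted_value) for each plaintext credential found."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        covered = []
        for m in EMBEDDED.finditer(line):
            findings.append((no, "location-credentials", redact(m.group("ak"))))
            covered.append(m.span())
        for m in AK_ID.finditer(line):
            # Skip IDs already reported as part of a LOCATION URI on this line.
            if not any(start <= m.start() < end for start, end in covered):
                findings.append((no, "accesskey-id", redact(m.group(0))))
    return findings


# Constructed sample DDL; the keys, secret and bucket are fake placeholders.
SAMPLE = """\
CREATE EXTERNAL TABLE logs_ak (line STRING)
STORED AS TEXTFILE
LOCATION 'oss://LTAI5tEXAMPLEEXAMPLE0001:FakeSecret0123456789abcdef@oss-cn-beijing-internal.aliyuncs.com/demo-bucket/logs/';
-- old key kept in a comment: LTAI5tEXAMPLEEXAMPLE0002
CREATE EXTERNAL TABLE logs_clean (line STRING)
STORED AS TEXTFILE
LOCATION 'oss://oss-cn-beijing-internal.aliyuncs.com/demo-bucket/logs/';
"""

if __name__ == "__main__":
    for no, kind, value in scan_ddl(SAMPLE):
        print(f"line {no}: {kind}: {value}")
```

Any key the scanner reports should be treated as exposed and rotated after the table is moved to a connection.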
Use cases
Create an OSS data discovery task by using a connection.
Create and access an OSS external table by using a connection.
Usage notes
Region: Data lake connections are supported only in the China (Beijing) and China (Shenzhen) regions.
Permissions: An Alibaba Cloud account or a user with the tenant-level Connection_Admin role can manage and create a connection.

| Role | Permissions |
| --- | --- |
| Connection_Admin | List, view, create, update, delete, and use connections. Grant other users the Connection_User role so they can use a connection. |
| Connection_User | View and use a connection. |
Grant roles
If you are a RAM user, you must be granted the tenant-level Connection_Admin role before you can create and manage connections. For instructions, see Tenant-level role authorization.
Currently, only an Alibaba Cloud account can grant the Connection_Admin role.
Log on to the MaxCompute console and select a region in the upper-left corner.
In the left-side navigation pane, choose .
On the Tenants page, click the Roles tab.
On the Roles tab, find Connection_Admin and click Create Authorization in the Actions column.
In the Create Authorization dialog box, add the users that you want to authorize and click OK.
Create a connection
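Log on to the MaxCompute console and select a region in the upper-left corner.
In the left-side navigation pane, choose .
On the Data Lake Connection (CONNECTION) page, click Create Data Lake Connection.
In the Create Data Lake Connection dialog box, configure the following parameters and click OK to create the data lake connection.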
| Parameter | Description |
| --- | --- |
| Data lake connection parameter | The name of the data lake connection. The name must be unique within a tenant. |
| RAMRoleARN | The Alibaba Cloud Resource Name (ARN) of the RAM role with OSS access permissions. You can create a custom role and specify its RAMRoleARN. For more information, see Authorization scheme for accessing external data sources. |
| Data lake connection description | The description of the data lake connection. |
Authorize a connection
To grant other users permission to use a connection, grant them the Connection_User role by following these steps.
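Log on to the MaxCompute console and select a region in the upper-left corner.
In the left-side navigation pane, choose .
On the Data Lake Connection (CONNECTION) page, find the connection that you want other users to use and click Add Authorization in the Operation column.
In the Data Lake Connection Authorization dialog box, add the users that you want to authorize and click OK.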
View connections
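Log on to the MaxCompute console and select a region in the upper-left corner.
In the left-side navigation pane, choose .
On the Data Lake Connection (CONNECTION) page, view the list of connections.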
Delete a connection
Deleting a connection invalidates access authorizations for dependent external tables and external storage, causing access attempts to fail. Evaluate the potential impact on your business before you proceed. This action is irreversible.
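Log on to the MaxCompute console and select a region in the upper-left corner.
In the left-side navigation pane, choose .
On the Data Lake Connection (CONNECTION) page, find the connection that you want to delete and click Delete in the Operation column.
In the dialog box that appears, click Delete again.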