Create and manage MaxCompute projects in the console-MaxCompute(MaxCompute)-阿里云帮助中心

Permissions

Operation	Required permissions
Create a project	Requires AliyunMaxComputeFullAccess or the corresponding RAM permissions (odps:CreateProject). The project creator is assigned the `Super_Administrator` role by default with full project control.
Configure a project	Editing Basic Information requires RAM permissions verification. Configuring Basic Properties requires RAM permissions verification or the Super_Administrator role for the project.
Data operations	Data operations require in-project object permissions. Data operations through the MaxCompute console or OpenAPI also require RAM permissions verification.
Configure permission properties	Requires RAM permissions verification, or an administrative role (Admin) for the project, including Super_Administrator, Admin, or a custom role with administrative permissions.
Configure IP whitelist	Requires RAM permissions verification, or an administrative role (Admin) for the project, including Super_Administrator, Admin, or a custom role with administrative permissions.

Note

Alibaba Cloud primary accounts can create and configure projects by default. Data operations still require explicit authorization.

Considerations

Permanent deletion: Deleting a project permanently destroys all data and resources. This action is irreversible. Back up data before proceeding.
Scope: The console handles project-level management only. To create and develop data assets such as tables, resources, and UDFs, use odpscmd or DataWorks.
Permission usage: The Super_Administrator and Admin roles have full or near-full project management permissions. Grant these roles with caution.

Access project management

Log in to the MaxCompute console and select a region in the upper-left corner.
In the left-side navigation pane, choose Manage Configurations > Projects.

Basic project operations

Create a project

On the Projects page, click Create Project. In the Create Project dialog box, configure the settings and click OK.

All available settings are listed in the Appendix: Project configuration parameters.

Edit a project

On the Projects page, click Manage in the Actions column for the target project.
On the Project Settings page, click the Parameter Configuration tab.
Edit the project parameters.

All available settings are listed in the Appendix: Project configuration parameters.

Follow a project

On the Projects page, hover over the name of a project and click the icon to Follow the project.
On the Overview page, the Following section lists the Projects you follow.

Delete a project

On the Projects page, click Delete in the Actions column for the target project.
In the Delete Project dialog box, select the Are you sure that you want to delete the MaxCompute project? checkbox and click OK to delete the MaxCompute project.
MaxCompute projects are Immediately Delete and Prohibit Project Restoration.

Important

Impact of deleting a project:

Permanent data loss: All tables and data in the project are immediately and permanently deleted and cannot be recovered. The larger the project, the longer the cleanup takes. If you create a project with the same name immediately after deletion and get an error indicating the project already exists, retry later.
Job failures: All jobs submitted to the deleted project will fail.
Workspace issues: If the project is bound to a DataWorks workspace, unbind it before deletion. Deleting the MaxCompute project directly causes the associated DataWorks workspace to malfunction.

Freeze and restore a project

MaxCompute projects support the following status change operations:

Freeze: Stops the project. Frozen projects cannot run jobs or serve queries, but data is retained and storage fees still apply.

After freezing, the project Status changes to Stopped. If the account has overdue payments, all frozen projects are automatically unfrozen after payment.

On the Projects page, click Freeze in the Actions column for the target project.
Restore: Restores a project from stopped or pre-deletion status. After restoration, the project Status changes to Normal.

On the Projects page, click Restore in the Actions column for the target project.

Tag management

Tags are an Alibaba Cloud resource management tool for cost allocation, resource grouping, and automated O&M. You can view and bind tags on the project management page.

Create tags for a single project

Hover over the icon in the Tag column of the target item, and click Edit/Edit.
The button displays Edit if no tags have been created, or Edit otherwise.
In the Configure Tags dialog box, enter a Tag Key and a Tag Value.
Click OK. In the Configure Tags successfully dialog box, click Close.

Create tags for multiple projects in bulk

To add tags to multiple projects, select the projects and click Batch Add Tag at the bottom of the page.
In the Configure Tags dialog box, enter a Tag Key and a Tag Value.
Click OK. In the Configure Tags successfully dialog box, click Close.

Unbind tags from a single project

Hover over the icon in the Tag column of the target item, and click Edit.
In the Configure Tags dialog box, click the icon next to the tag that you want to unbind.
Click OK. In the Configure Tags successfully dialog box, click Close.

Unbind tags from multiple projects in bulk

To remove tags from multiple projects, select the projects and click Batch Remove Tag at the bottom of the page.
In the Delete Tags for Multiple Resources dialog box, select the tags you want to unbind.
Click Unbind x Tags. In the Configure Tags successfully dialog box, click Close.

Use tags

On the Projects page, click Filter by Tag to filter projects by tag key and value.

Manage project assets

View packages, tables, resources, UDFs, and periodic tasks in your project, and configure schema support.

Configure Schema

On the Projects page, click Enable Schema in the Actions column for the target project.

If the button is not displayed, the project already supports Schema.

Use packages for cross-project resource sharing

Packages enable cross-project resource access in MaxCompute.

Use packages to share tables, resources, or functions across projects without sharing compute resources or managing data permissions separately.

The cross-project authorization workflow involves a resource provider and a resource consumer:

Provider: Share a package

On the Projects page, click Manage in the Actions column for the target project.
On the Project Settings page, click the Package tab.
On the Project Settings page, click the Package tab.
In the Create Package dialog box, enter a Package Name, select the Table, Resource, and Function to share, set the corresponding permissions, and click OK.
On the Package tab, click Specify Project in the Actions column for the target package. In the Specify Project dialog box, enter the names of the projects that can use this package.

Consumer: Install a package

On the Project Settings page, click the Package tab.
Click Install Package.
In the Install Package dialog box, enter the Package Name that you want to access and click OK.

The format is projectName.package_name. Only one package can be installed at a time.
(Optional) Grant the package to a role, then assign the role to users. Manage user permissions in the console.

For CLI operations, see 基于Package跨项目访问资源.

View tables, resources, UDFs, and periodic tasks

The project configuration page lets you view tables, resources, UDFs, and periodic tasks.
Creating, modifying, and deleting assets is not supported in the console. Use the MaxCompute client (odpscmd) or DataWorks for table, resource, and UDF development.

Permission configuration

Role permissions and authorization

Manage project role permissions and assign roles to users.

On the Project Settings page, click the Role Permissions tab.
Click Create Project-level Role to create a project role with the required MaxCompute permissions.

In the Create Role dialog box, configure the parameters as prompted and click OK.

All available settings are listed in the Appendix: Project configuration parameters.

Available permissions per object type:

Object	Permissions
Table	Describe、Select、Update、Alter、Drop、ShowHistory、Download
Resource	Read、Write、Download、Delete
Function	Read、Write、Download、Execute、Delete
Package	Read
Project	Read、Write、List、CreateTable、CreateInstance

Select the target project-level role and click Manage Members in the Actions column. Select the Alibaba Cloud account or RAM user you want to authorize, and click OK. If you cannot find the account when you first try to grant permissions, you can add it in the Add Member Manually section below.

View project members

Users must be added to a project before receiving data permissions. On the Project Settings page, select the Project Member tab to view all member permissions.

Next steps

Set up your MaxCompute development environment and install the required tools. Select a connection tool.

Appendix: Project configuration parameters

The following table lists all project configuration parameters:

Category	Parameter	Description	Configurable at creation
Basic Information	Project Name (Globally Unique)	Globally unique. Cannot be modified after creation. Must start with a letter and contain only letters, digits, and underscores (_). Length: 3 to 28 characters.
	Billing Method	Specify the Billing Method and set the Default Quota. All compute jobs without an explicitly specified quota use the Default Quota. Subscription: Best for long-term stable workloads. Provides dedicated compute resources and avoids resource contention. Pay-as-you-go: Best for short-term or testing workloads. Bills based on actual usage. For quota type selection, see Manage quotas. For usage details, see 计算资源-Quota使用.
	Default Quota
	Total Storage	View the current storage size of the project. Matches the metering metric: compressed logical storage size at the project level.
Lifecycle Configuration	Data Retention Lifecycle	Configure the table Configure Lifecycle by setting the `odps.table.lifecycle` property. Valid values: Optional: The Lifecycle clause is optional when creating a table. Tables without a lifecycle setting are retained permanently. Mandatory: Every table must have a lifecycle clause. Inherit: Tables without a lifecycle setting inherit the value of odps.table.lifecycle.value. The odps.table.lifecycle.value property specifies the table lifecycle in days. Valid values: `1~37231`. Default: 37231.
Lifecycle Configuration	Tiered Storage Lifecycle	Define tiered storage lifecycle rules that automatically convert storage types. Either Last Access Configuration Policy or Last Modified Configuration Policy triggers the conversion — only one condition is needed. Non-partitioned tables: The rule applies to the entire table. When met, storage converts from standard to infrequent access. Partitioned tables: Each partition is evaluated independently. Only partitions meeting the condition are converted. Automatic configuration using lifecycle rules.
Super Administrator	Member	View or edit the `super_administrator` role members of the project. Equivalent to managing `super_administrator` members on the Role Permissions tab, but supports RAM permission verification: a RAM user with `UpdateUsersToSuperAdmin` can manage `super_administrator` members here. RAM permissions.
Basic Properties	Allow full table scans on partitioned tables	Control full table scans by setting the `odps.sql.allow.fullscan` property. Full scans consume significant resources. We recommend that you do not enable this feature.
	Backup data retention days	Configure backup data retention by setting the `odps.timemachine.retention.days` property. Data can be restored to any backed-up version within the retention period. Valid values: [0,30]. Default: 1. A value of 0 disables backup.
	Data Type Edition	Select the data type version for the project. 1.0 data types: For legacy MaxCompute projects whose dependent components do not support 2.0 data types. 2.0 data types: For MaxCompute projects created before April 2020 with no existing data, whose dependent components support 2.0 data types. Hive-compatible types: For MaxCompute projects migrated from Hadoop, whose dependent components support 2.0 data types.
	DECIMAL in MaxCompute V2.0	Enable or disable the MaxCompute 2.0 Decimal type by setting `odps.sql.decimal.odps2`.
	Storage Type	Data storage type is a project-level setting. For storage specifications and billing, see Storage pricing. Multi-zone Storage: Uses multi-AZ redundant storage to store data across multiple availability zones within the same region. Single-zone Storage: Uses single-AZ redundant storage to store data across multiple devices within a single availability zone. Important Use multi-AZ storage for production data. Multi-AZ provides AZ-level fault tolerance, ensuring uninterrupted reads and writes during AZ failures and guaranteeing data integrity and security. 同城容灾.
	Storage Encryption	Specify whether to enable Storage encryption for the project. If encryption is enabled, select a key and algorithm: Key: Options: MaxCompute Default Key (internally managed) and Bring Your Own Key (BYOK). Algorithm: AES256, AESCTR, or RC4.
	Default Tunnel Quota	Default data transfer service resource group for reading and writing project data when no specific quota is assigned. Typically Default (shared resource group). Cannot be modified in the console.
	Authorized Tunnel Quota	Grants all project users and roles permission to use the configured dedicated resource group for data reads and writes, eliminating manual SDK authorization. Each project supports only one dedicated resource group.
	Overlay Tunnel Quota	Allows stacking a dedicated data transfer resource group with the Default resource group. With a purchased dedicated resource group, project concurrency increases to the combined resources of the shared and dedicated groups. Each project supports only one dedicated resource group, but multiple projects can share the same dedicated resource group. When using stacked mode, set the quota group to Default. To use the storage API, specify the dedicated resource group with the QuotaName format: ot_42854300324**_169821756_p#ot_42854300324_169821756. Note This feature is available in select regions only. Check the console for availability. Data transfer service default quota and data transfer service authorized quota. Data transfer service stacked** quota.
	Max Resources Consumed by An SQL Statement	Set the maximum cost for a single SQL job by configuring `odps.sql.metering.value.max`. Unit: scan volume (GB) × complexity. Optional. Recommended for Pay-as-you-go billing to prevent unexpectedly high costs from a single SQL job. Also configure real-time consumption monitoring alerts for comprehensive cost control. Consumption monitoring alert.
	Time Zone	Set the project timezone with `odps.sql.timezone`. Affects time-related functions such as `NOW()` and `GETDATE()`, ensuring consistent results across regions.
Permission Properties	ACL-based Access Control	Enable or disable ACL-based access control by configuring the `CheckPermissionUsingACL` property. Default: true (enabled).
	Policy-based Access Control	Enable or disable Policy-based access control by configuring the `CheckPermissionUsingPolicy` property. Default: true (enabled).
	Perform Operations on Objects by Object Creator	Configure whether object creators have access permissions to their objects by setting the `ObjectCreatorHasAccessPermission` property. Default: enabled.
	Grant Permissions on Objects by Object Creator	Configure whether object creators have grant permissions on their objects by setting the `ObjectCreatorHasGrantPermission` property. Default: enabled.
	Label-based Access Control	Enable or disable Label-based access control by setting the `LabelSecurity` property. Default: disabled.
	Project Data Protection	Enable or disable Project data protection for the project by setting the `ProjectProtection` property to prohibit or allow data to leave the project. If Project Data Protection is enabled, you can also configure Exception or Trusted Project. Project data protection.
	Download Permission	Enable or disable the Download权限控制 feature by setting the `odps.security.enabledownloadprivilege` property.
	Enable Project-level Tenant Resource Access Control	View the tenant resources bound to the project. Project-level access control for tenant resources. Note This feature is in preview only. Enabling checks is not yet supported.
IP Address Whitelist	Internet and Cloud Product Interconnection Network IP Address	IP whitelist for public network and cloud product interconnection. Only listed devices can access the project. Important If only the public network and cloud product interconnection IP whitelist is configured, public network and cloud product interconnection access is restricted by the configuration, and all VPC network access is prohibited.
IP Address Whitelist	VPC IP Addresses	IP whitelist for VPC network. Only listed devices can access the project. Important If only the VPC network IP whitelist is configured, VPC network access is restricted by the configuration, and all public network and cloud product interconnection access is prohibited.
MaxCompute External Network	Available MaxCompute External Network Addresses	Add or remove target public IP addresses, domain names, or ports for outbound access. Network connection process.
Intelligent Optimization Switch	AutoMV	When enabled, materialized views are automatically created based on query patterns and performance to reduce redundant computation.
Intelligent Optimization Switch	Maximum Storage for AutoMV	Maximum storage for AutoMV. When exceeded, AutoMV stops writing to materialized views. Manage the AutoMV switch and set the storage limit.