当您使用资源组对资源进行分组管理时,可以结合访问控制(RAM),在单个阿里云账号内实现资源的隔离和精细化权限管理。本文总结了大数据开发治理平台DataWorks对资源组的支持情况,以及资源组级别的授权操作步骤。
-
只有支持资源组的资源类型和支持资源组级别授权的操作,资源组级别授权才能生效。
-
对于不支持资源组的资源类型,授予资源组范围的权限将无效。在选择资源范围时,请选择账号级别,进行账号级别授权。具体操作,请参见不支持资源组级别授权的操作。
资源组授权的工作原理
您可以使用资源组(Resource Group)对阿里云账号内的资源进行分组管理。例如,为不同的项目创建对应的资源组,并将资源转移到对应的组中,以便集中管理各项目的资源。更多信息,请参见什么是资源组。
在完成资源分组后,您可以为不同的RAM授权主体(RAM用户、RAM用户组或RAM角色)授予指定资源组范围的权限,从而限定这个授权主体只能管理该资源组内的资源。更多信息,请参见资源分组和授权。
这种授权方式的优点有:
-
权限精细化:确保每个身份能获得最准确的资源访问权限,避免账号下的多个项目的资源混合管理。
-
良好的扩展性:后续新增资源时,只需将其加入该资源组,RAM身份便会自动获得新资源的相应权限,无需再次授权。
为RAM用户授予资源组级别的权限
下面以RAM用户为例,介绍授予指定资源组内大数据开发治理平台DataWorks资源权限的操作步骤。
1. 前置步骤
2. 进行资源组级别授权
您可以通过以下任一方式进行资源组级别授权。
方式一:在资源管理控制台中授权
通过资源组的权限管理功能为指定 RAM 用户授权。详情操作可参见为RAM身份授予资源组范围的权限。
方式二:在 RAM 控制台中授权
通过RAM控制台为指定 RAM 用户进行资源组级别授权。详细操作可参见为RAM用户授权。
支持资源组的资源类型
大数据开发治理平台DataWorks支持资源组的资源类型如下表所示:
|
云服务 |
云服务代码 |
资源类型 |
|
大数据开发治理平台DataWorks |
dide |
dwresourcegroup : DataWorks资源组 |
|
大数据开发治理平台DataWorks |
dide |
project : 工作空间 |
|
大数据开发治理平台DataWorks |
dide |
tenantresourcegroup : 独享资源组 |
对于暂不支持资源组的资源类型,如有需要,您可以在资源组控制台提交反馈。
不支持资源组级别授权的操作
大数据开发治理平台DataWorks中不支持资源组级别授权的操作(Action)如下:
|
操作(Action) |
操作描述 |
|
dataworks:AddDpProjectSubUser |
- |
|
dataworks:AddDpProjectUserRole |
- |
|
dataworks:AddDpTenantSubUser |
- |
|
dataworks:AddEntityIntoMetaCollection |
- |
|
dataworks:AddRecognizeRule |
- |
|
dataworks:AddTenantMemberToRole |
- |
|
dataworks:BatchUpdateTasks |
- |
|
dataworks:BindDpSubUserAk |
- |
|
dataworks:BindDpUserAk |
- |
|
dataworks:CheckAbTestFeatures |
- |
|
dataworks:CheckCallback |
- |
|
dataworks:CheckProjectIdentifier |
- |
|
dataworks:CheckRamPermissions |
- |
|
dataworks:CloneDataSource |
- |
|
dataworks:CreateBusiness |
- |
|
dataworks:CreateComponent |
- |
|
dataworks:CreateComputeResource |
在指定项目空间创建一条计算资源,可以是开发环境或生产环境。 |
|
dataworks:CreateDIJob |
- |
|
dataworks:CreateDataAssetTag |
- |
|
dataworks:CreateDataQualityAlertRule |
- |
|
dataworks:CreateDataQualityScan |
- |
|
dataworks:CreateDataQualityScanRun |
- |
|
dataworks:CreateDataQualityTemplate |
- |
|
dataworks:CreateDataSource |
- |
|
dataworks:CreateDataSourceSharedRule |
- |
|
dataworks:CreateDataWorksPayAsYouGoService |
- |
|
dataworks:CreateDataset |
- |
|
dataworks:CreateDatasetVersion |
- |
|
dataworks:CreateDpProject |
- |
|
dataworks:CreateDpSubUser |
- |
|
dataworks:CreateFile |
- |
|
dataworks:CreateFolder |
- |
|
dataworks:CreateIdentifyCredential |
- |
|
dataworks:CreateLineageRelationship |
- |
|
dataworks:CreateMetaCollection |
- |
|
dataworks:CreateProjectRole |
- |
|
dataworks:CreateResourceFile |
- |
|
dataworks:CreateTenantRole |
- |
|
dataworks:CreateUdfFile |
- |
|
dataworks:CreateWorkflowInstances |
- |
|
dataworks:DataWorksMember |
- |
|
dataworks:DeleteBusiness |
- |
|
dataworks:DeleteComponent |
- |
|
dataworks:DeleteComputeResource |
- |
|
dataworks:DeleteDataAssetTag |
- |
|
dataworks:DeleteDataQualityAlertRule |
- |
|
dataworks:DeleteDataQualityScan |
- |
|
dataworks:DeleteDataQualityTemplate |
- |
|
dataworks:DeleteDataSource |
- |
|
dataworks:DeleteDataSourceSharedRule |
- |
|
dataworks:DeleteDataset |
- |
|
dataworks:DeleteDatasetVersion |
- |
|
dataworks:DeleteDpProject |
- |
|
dataworks:DeleteDpProjectSubUser |
- |
|
dataworks:DeleteDpTenantSubUser |
- |
|
dataworks:DeleteFile |
- |
|
dataworks:DeleteFolder |
- |
|
dataworks:DeleteLineageRelationship |
- |
|
dataworks:DeleteMetaCollection |
- |
|
dataworks:DeleteNetwork |
- |
|
dataworks:DeleteProjectRole |
- |
|
dataworks:DeleteRecognizeRule |
- |
|
dataworks:DeleteTask |
- |
|
dataworks:DeleteTenantRole |
- |
|
dataworks:DeleteWorkflow |
- |
|
dataworks:DeployFile |
- |
|
dataworks:DsgDesensPlanAddOrUpdate |
- |
|
dataworks:DsgDesensPlanDelete |
- |
|
dataworks:DsgDesensPlanQueryList |
- |
|
dataworks:DsgDesensPlanUpdateStatus |
- |
|
dataworks:DsgPlatformQueryProjectsAndSchemaFromMeta |
- |
|
dataworks:DsgQueryDesensStatusList |
- |
|
dataworks:DsgQuerySensResult |
- |
|
dataworks:DsgSceneAddOrUpdateScene |
- |
|
dataworks:DsgSceneQuerySceneListByName |
- |
|
dataworks:DsgScenedDeleteScene |
- |
|
dataworks:DsgStopSensIdentify |
- |
|
dataworks:DsgUpdateDesensStatusList |
- |
|
dataworks:DsgUserGroupAddOrUpdate |
- |
|
dataworks:DsgUserGroupDelete |
- |
|
dataworks:DsgUserGroupGetOdpsRoleGroups |
- |
|
dataworks:DsgUserGroupQueryList |
- |
|
dataworks:DsgUserGroupQueryUserList |
- |
|
dataworks:DsgWhiteListAddOrUpdate |
- |
|
dataworks:DsgWhiteListDeleteList |
- |
|
dataworks:DsgWhiteListQueryList |
- |
|
dataworks:EditRecognizeRule |
- |
|
dataworks:EstablishRelationTableToBusiness |
- |
|
dataworks:ExecuteAdhocWorkflowInstance |
- |
|
dataworks:GetBusiness |
- |
|
dataworks:GetCatalog |
- |
|
dataworks:GetCertificate |
- |
|
dataworks:GetColumn |
- |
|
dataworks:GetComponent |
- |
|
dataworks:GetComputeResource |
- |
|
dataworks:GetConfig |
- |
|
dataworks:GetCreateWorkflowInstancesResult |
- |
|
dataworks:GetDataQualityAlertRule |
- |
|
dataworks:GetDataQualityScan |
- |
|
dataworks:GetDataQualityScanRun |
- |
|
dataworks:GetDataQualityScanRunLog |
- |
|
dataworks:GetDataQualityTemplate |
- |
|
dataworks:GetDataSource |
- |
|
dataworks:GetDatabase |
- |
|
dataworks:GetDataset |
- |
|
dataworks:GetDatasetVersion |
- |
|
dataworks:GetDeploymentPackage |
- |
|
dataworks:GetDpProjectCreationInfo |
- |
|
dataworks:GetFile |
- |
|
dataworks:GetFileVersion |
- |
|
dataworks:GetFolder |
- |
|
dataworks:GetIDEEventDetail |
- |
|
dataworks:GetJobStatus |
- |
|
dataworks:GetLineageRelationship |
- |
|
dataworks:GetMetaCollection |
- |
|
dataworks:GetNetwork |
- |
|
dataworks:GetPartition |
- |
|
dataworks:GetRerunWorkflowInstancesResult |
- |
|
dataworks:GetSchema |
- |
|
dataworks:GetTable |
- |
|
dataworks:GetTask |
- |
|
dataworks:GetTaskInstance |
- |
|
dataworks:GetTaskInstanceLog |
- |
|
dataworks:GetTenantRole |
- |
|
dataworks:GetUser |
- |
|
dataworks:GetWorkflow |
- |
|
dataworks:GetWorkflowInstance |
- |
|
dataworks:ImportCertificate |
- |
|
dataworks:ListAlarmResource |
- |
|
dataworks:ListBusiness |
- |
|
dataworks:ListCatalogs |
- |
|
dataworks:ListColumns |
- |
|
dataworks:ListComponents |
- |
|
dataworks:ListComputeResources |
- |
|
dataworks:ListContacts |
- |
|
dataworks:ListCrawlerTypes |
- |
|
dataworks:ListDataAssetTags |
- |
|
dataworks:ListDataAssets |
- |
|
dataworks:ListDataQualityAlertRules |
- |
|
dataworks:ListDataQualityScanRuns |
- |
|
dataworks:ListDataQualityScans |
- |
|
dataworks:ListDataQualityTemplates |
- |
|
dataworks:ListDataSourceSharedRules |
- |
|
dataworks:ListDataSources |
- |
|
dataworks:ListDataWorksPayAsYouGoServices |
- |
|
dataworks:ListDatabases |
- |
|
dataworks:ListDatasetVersions |
- |
|
dataworks:ListDatasets |
- |
|
dataworks:ListDeploymentPackages |
- |
|
dataworks:ListDownstreamTaskInstances |
- |
|
dataworks:ListDownstreamTasks |
- |
|
dataworks:ListDpProject |
- |
|
dataworks:ListDpProjectUser |
- |
|
dataworks:ListDpTenantUser |
- |
|
dataworks:ListEntitiesInMetaCollection |
- |
|
dataworks:ListFileVersions |
- |
|
dataworks:ListFiles |
- |
|
dataworks:ListFolders |
- |
|
dataworks:ListLineageRelationships |
- |
|
dataworks:ListLineages |
- |
|
dataworks:ListMeasureData |
- |
|
dataworks:ListMeasuresGroupByModule |
- |
|
dataworks:ListMetaCollections |
- |
|
dataworks:ListPartitions |
- |
|
dataworks:ListPermissions |
- |
|
dataworks:ListProjectIds |
- |
|
dataworks:ListProjectModules |
- |
|
dataworks:ListProjectProcesses |
- |
|
dataworks:ListRegions |
- |
|
dataworks:ListResourceGroup |
- |
|
dataworks:ListSchemas |
- |
|
dataworks:ListTables |
- |
|
dataworks:ListTaskInstanceOperationLogs |
- |
|
dataworks:ListTaskInstances |
- |
|
dataworks:ListTaskOperationLogs |
- |
|
dataworks:ListTasks |
- |
|
dataworks:ListTenantMembers |
- |
|
dataworks:ListTenantRoles |
- |
|
dataworks:ListUpstreamTaskInstances |
- |
|
dataworks:ListUpstreamTasks |
- |
|
dataworks:ListUserResources |
- |
|
dataworks:ListWorkflowInstances |
- |
|
dataworks:ListWorkflows |
- |
|
dataworks:MetaListDpOuterResource |
- |
|
dataworks:MetaListDpTable |
- |
|
dataworks:ModifyContacts |
|
|
dataworks:ModifyResourceGroup |
- |
|
dataworks:MoveComponent |
- |
|
dataworks:OpenDataWorksStandardService |
- |
|
dataworks:PreviewDatasetVersion |
- |
|
dataworks:QueryDefaultTemplate |
- |
|
dataworks:QueryDefaultTemplates |
- |
|
dataworks:QueryRecognizeDataByRuleType |
- |
|
dataworks:QueryRecognizeRuleDetail |
- |
|
dataworks:QueryRecognizeRulesType |
- |
|
dataworks:QuerySensClassification |
- |
|
dataworks:QuerySensLevel |
- |
|
dataworks:QuerySensNodeInfo |
- |
|
dataworks:RemoveEntityFromMetaCollection |
- |
|
dataworks:RemoveProjectMembers |
- |
|
dataworks:RemoveTaskInstanceDependencies |
- |
|
dataworks:RemoveTenantMemberFromRole |
- |
|
dataworks:RerunTaskInstances |
- |
|
dataworks:RerunWorkflowInstances |
- |
|
dataworks:ResumeTaskInstances |
- |
|
dataworks:RunIdentifyOpenapi |
- |
|
dataworks:SetConfig |
- |
|
dataworks:SetSuccessTaskInstances |
- |
|
dataworks:ShowResourceGroupDetail |
- |
|
dataworks:StartWorkflowInstances |
- |
|
dataworks:StopTaskInstances |
- |
|
dataworks:StopWorkflowInstances |
- |
|
dataworks:SubmitFile |
- |
|
dataworks:SuspendTaskInstances |
- |
|
dataworks:SyncRAMContactInfo |
- |
|
dataworks:TagDataAssets |
- |
|
dataworks:TerminateDISyncInstance |
- |
|
dataworks:TestDataSourceConnectivity |
- |
|
dataworks:TriggerSchedulerTaskInstance |
- |
|
dataworks:UnTagDataAssets |
- |
|
dataworks:UpdateBusiness |
- |
|
dataworks:UpdateColumnBusinessMetadata |
- |
|
dataworks:UpdateComponent |
- |
|
dataworks:UpdateComputeResource |
- |
|
dataworks:UpdateContactInfo |
- |
|
dataworks:UpdateDataAssetTag |
- |
|
dataworks:UpdateDataQualityAlertRule |
- |
|
dataworks:UpdateDataQualityEvaluationTask |
- |
|
dataworks:UpdateDataQualityScan |
- |
|
dataworks:UpdateDataQualityTemplate |
- |
|
dataworks:UpdateDataSource |
- |
|
dataworks:UpdateDataset |
- |
|
dataworks:UpdateDatasetVersion |
- |
|
dataworks:UpdateFile |
- |
|
dataworks:UpdateFolder |
- |
|
dataworks:UpdateIDEEventResult |
- |
|
dataworks:UpdateMetaCollection |
- |
|
dataworks:UpdateProjectRole |
- |
|
dataworks:UpdateTableBusinessMetadata |
- |
|
dataworks:UpdateTask |
- |
|
dataworks:UpdateTaskInstances |
- |
|
dataworks:UpdateTenantRole |
- |
|
dataworks:UpdateUdfFile |
- |
|
dataworks:UpdateWorkflow |
- |
|
dataworks:createIdentifyCredential |
- |
对于不支持资源组授权的操作,授权时资源范围选择资源组级别将无效。如果仍需要RAM用户有上述操作权限,您需要创建自定义权限策略,授权时资源范围选择账号级别。
以下是两个自定义权限策略示例,您可以根据实际需要调整策略内容。
-
允许不支持资源组级别授权的全部只读操作:
Action中列举不支持资源组级别授权的所有只读操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "dataworks:ListAlarmResource", "dataworks:ListContacts", "dataworks:ListResourceGroup", "dataworks:ListUserResources", "dataworks:ShowResourceGroupDetail" ], "Resource": "*" } ] } -
允许不支持资源组级别授权的全部操作:
Action中列举不支持资源组级别授权的全部操作。{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "dataworks:AddDpProjectSubUser", "dataworks:AddDpProjectUserRole", "dataworks:AddDpTenantSubUser", "dataworks:AddEntityIntoMetaCollection", "dataworks:AddRecognizeRule", "dataworks:AddTenantMemberToRole", "dataworks:BatchUpdateTasks", "dataworks:BindDpSubUserAk", "dataworks:BindDpUserAk", "dataworks:CheckAbTestFeatures", "dataworks:CheckCallback", "dataworks:CheckProjectIdentifier", "dataworks:CheckRamPermissions", "dataworks:CloneDataSource", "dataworks:CreateBusiness", "dataworks:CreateComponent", "dataworks:CreateComputeResource", "dataworks:CreateDIJob", "dataworks:CreateDataAssetTag", "dataworks:CreateDataQualityAlertRule", "dataworks:CreateDataQualityScan", "dataworks:CreateDataQualityScanRun", "dataworks:CreateDataQualityTemplate", "dataworks:CreateDataSource", "dataworks:CreateDataSourceSharedRule", "dataworks:CreateDataWorksPayAsYouGoService", "dataworks:CreateDataset", "dataworks:CreateDatasetVersion", "dataworks:CreateDpProject", "dataworks:CreateDpSubUser", "dataworks:CreateFile", "dataworks:CreateFolder", "dataworks:CreateIdentifyCredential", "dataworks:CreateLineageRelationship", "dataworks:CreateMetaCollection", "dataworks:CreateProjectRole", "dataworks:CreateResourceFile", "dataworks:CreateTenantRole", "dataworks:CreateUdfFile", "dataworks:CreateWorkflowInstances", "dataworks:DataWorksMember", "dataworks:DeleteBusiness", "dataworks:DeleteComponent", "dataworks:DeleteComputeResource", "dataworks:DeleteDataAssetTag", "dataworks:DeleteDataQualityAlertRule", "dataworks:DeleteDataQualityScan", "dataworks:DeleteDataQualityTemplate", "dataworks:DeleteDataSource", "dataworks:DeleteDataSourceSharedRule", "dataworks:DeleteDataset", "dataworks:DeleteDatasetVersion", "dataworks:DeleteDpProject", "dataworks:DeleteDpProjectSubUser", "dataworks:DeleteDpTenantSubUser", "dataworks:DeleteFile", "dataworks:DeleteFolder", "dataworks:DeleteLineageRelationship", "dataworks:DeleteMetaCollection", "dataworks:DeleteNetwork", "dataworks:DeleteProjectRole", "dataworks:DeleteRecognizeRule", "dataworks:DeleteTask", "dataworks:DeleteTenantRole", "dataworks:DeleteWorkflow", "dataworks:DeployFile", "dataworks:DsgDesensPlanAddOrUpdate", "dataworks:DsgDesensPlanDelete", "dataworks:DsgDesensPlanQueryList", "dataworks:DsgDesensPlanUpdateStatus", "dataworks:DsgPlatformQueryProjectsAndSchemaFromMeta", "dataworks:DsgQueryDesensStatusList", "dataworks:DsgQuerySensResult", "dataworks:DsgSceneAddOrUpdateScene", "dataworks:DsgSceneQuerySceneListByName", "dataworks:DsgScenedDeleteScene", "dataworks:DsgStopSensIdentify", "dataworks:DsgUpdateDesensStatusList", "dataworks:DsgUserGroupAddOrUpdate", "dataworks:DsgUserGroupDelete", "dataworks:DsgUserGroupGetOdpsRoleGroups", "dataworks:DsgUserGroupQueryList", "dataworks:DsgUserGroupQueryUserList", "dataworks:DsgWhiteListAddOrUpdate", "dataworks:DsgWhiteListDeleteList", "dataworks:DsgWhiteListQueryList", "dataworks:EditRecognizeRule", "dataworks:EstablishRelationTableToBusiness", "dataworks:ExecuteAdhocWorkflowInstance", "dataworks:GetBusiness", "dataworks:GetCatalog", "dataworks:GetCertificate", "dataworks:GetColumn", "dataworks:GetComponent", "dataworks:GetComputeResource", "dataworks:GetConfig", "dataworks:GetCreateWorkflowInstancesResult", "dataworks:GetDataQualityAlertRule", "dataworks:GetDataQualityScan", "dataworks:GetDataQualityScanRun", "dataworks:GetDataQualityScanRunLog", "dataworks:GetDataQualityTemplate", "dataworks:GetDataSource", "dataworks:GetDatabase", "dataworks:GetDataset", "dataworks:GetDatasetVersion", "dataworks:GetDeploymentPackage", "dataworks:GetDpProjectCreationInfo", "dataworks:GetFile", "dataworks:GetFileVersion", "dataworks:GetFolder", "dataworks:GetIDEEventDetail", "dataworks:GetJobStatus", "dataworks:GetLineageRelationship", "dataworks:GetMetaCollection", "dataworks:GetNetwork", "dataworks:GetPartition", "dataworks:GetRerunWorkflowInstancesResult", "dataworks:GetSchema", "dataworks:GetTable", "dataworks:GetTask", "dataworks:GetTaskInstance", "dataworks:GetTaskInstanceLog", "dataworks:GetTenantRole", "dataworks:GetUser", "dataworks:GetWorkflow", "dataworks:GetWorkflowInstance", "dataworks:ImportCertificate", "dataworks:ListAlarmResource", "dataworks:ListBusiness", "dataworks:ListCatalogs", "dataworks:ListColumns", "dataworks:ListComponents", "dataworks:ListComputeResources", "dataworks:ListContacts", "dataworks:ListCrawlerTypes", "dataworks:ListDataAssetTags", "dataworks:ListDataAssets", "dataworks:ListDataQualityAlertRules", "dataworks:ListDataQualityScanRuns", "dataworks:ListDataQualityScans", "dataworks:ListDataQualityTemplates", "dataworks:ListDataSourceSharedRules", "dataworks:ListDataSources", "dataworks:ListDataWorksPayAsYouGoServices", "dataworks:ListDatabases", "dataworks:ListDatasetVersions", "dataworks:ListDatasets", "dataworks:ListDeploymentPackages", "dataworks:ListDownstreamTaskInstances", "dataworks:ListDownstreamTasks", "dataworks:ListDpProject", "dataworks:ListDpProjectUser", "dataworks:ListDpTenantUser", "dataworks:ListEntitiesInMetaCollection", "dataworks:ListFileVersions", "dataworks:ListFiles", "dataworks:ListFolders", "dataworks:ListLineageRelationships", "dataworks:ListLineages", "dataworks:ListMeasureData", "dataworks:ListMeasuresGroupByModule", "dataworks:ListMetaCollections", "dataworks:ListPartitions", "dataworks:ListPermissions", "dataworks:ListProjectIds", "dataworks:ListProjectModules", "dataworks:ListProjectProcesses", "dataworks:ListRegions", "dataworks:ListResourceGroup", "dataworks:ListSchemas", "dataworks:ListTables", "dataworks:ListTaskInstanceOperationLogs", "dataworks:ListTaskInstances", "dataworks:ListTaskOperationLogs", "dataworks:ListTasks", "dataworks:ListTenantMembers", "dataworks:ListTenantRoles", "dataworks:ListUpstreamTaskInstances", "dataworks:ListUpstreamTasks", "dataworks:ListUserResources", "dataworks:ListWorkflowInstances", "dataworks:ListWorkflows", "dataworks:MetaListDpOuterResource", "dataworks:MetaListDpTable", "dataworks:ModifyContacts", "dataworks:ModifyResourceGroup", "dataworks:MoveComponent", "dataworks:OpenDataWorksStandardService", "dataworks:PreviewDatasetVersion", "dataworks:QueryDefaultTemplate", "dataworks:QueryDefaultTemplates", "dataworks:QueryRecognizeDataByRuleType", "dataworks:QueryRecognizeRuleDetail", "dataworks:QueryRecognizeRulesType", "dataworks:QuerySensClassification", "dataworks:QuerySensLevel", "dataworks:QuerySensNodeInfo", "dataworks:RemoveEntityFromMetaCollection", "dataworks:RemoveProjectMembers", "dataworks:RemoveTaskInstanceDependencies", "dataworks:RemoveTenantMemberFromRole", "dataworks:RerunTaskInstances", "dataworks:RerunWorkflowInstances", "dataworks:ResumeTaskInstances", "dataworks:RunIdentifyOpenapi", "dataworks:SetConfig", "dataworks:SetSuccessTaskInstances", "dataworks:ShowResourceGroupDetail", "dataworks:StartWorkflowInstances", "dataworks:StopTaskInstances", "dataworks:StopWorkflowInstances", "dataworks:SubmitFile", "dataworks:SuspendTaskInstances", "dataworks:SyncRAMContactInfo", "dataworks:TagDataAssets", "dataworks:TerminateDISyncInstance", "dataworks:TestDataSourceConnectivity", "dataworks:TriggerSchedulerTaskInstance", "dataworks:UnTagDataAssets", "dataworks:UpdateBusiness", "dataworks:UpdateColumnBusinessMetadata", "dataworks:UpdateComponent", "dataworks:UpdateComputeResource", "dataworks:UpdateContactInfo", "dataworks:UpdateDataAssetTag", "dataworks:UpdateDataQualityAlertRule", "dataworks:UpdateDataQualityEvaluationTask", "dataworks:UpdateDataQualityScan", "dataworks:UpdateDataQualityTemplate", "dataworks:UpdateDataSource", "dataworks:UpdateDataset", "dataworks:UpdateDatasetVersion", "dataworks:UpdateFile", "dataworks:UpdateFolder", "dataworks:UpdateIDEEventResult", "dataworks:UpdateMetaCollection", "dataworks:UpdateProjectRole", "dataworks:UpdateTableBusinessMetadata", "dataworks:UpdateTask", "dataworks:UpdateTaskInstances", "dataworks:UpdateTenantRole", "dataworks:UpdateUdfFile", "dataworks:UpdateWorkflow", "dataworks:createIdentifyCredential" ], "Resource": "*" } ] }
获得账号级别权限的RAM用户或RAM角色,能够操作整个账号范围内的相关资源。请务必确认所授予的权限是否符合预期,遵从最小授权原则谨慎分配权限。
常见问题
如何查看当前资源属于哪个资源组?
-
方式一:单击资源名称,进入资源的详情页面,即可查看到当前资源的资源组。
-
方式二:登录资源管理控制台,单击,在左侧选择目标资源所属账号(默认为当前账号),通过筛选条件定位目标资源,即可查看其所属资源组。
如何查看当前产品在某个资源组下的所有资源?
如何批量修改多个资源的资源组?
登录资源管理控制台,单击,在目标资源组所在行的操作列下,单击资源管理以进入资源管理页面。通过筛选条件定位多个目标资源,批量勾选第一列的复选框后单击下方转移资源组,并按页面提示完成资源组修改。