CreatePermissionApplyOrder - DataWorks - Alibaba Cloud Documentation Center

Creates a permission request.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

dataworks:*

create

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
ApplyUserIds	string	Yes	The UIDs of the Alibaba Cloud accounts that request the permissions. To request permissions for multiple accounts, separate the UIDs with commas (,).	26784260040899**,26784260040899**
Deadline	integer	No	The expiration time for the permissions. This must be a UNIX timestamp. If you do not set this parameter, the permissions expire on January 1, 2065. You can request permanent permissions only if LabelSecurity is disabled for the MaxCompute project, or if the security level of the table fields is 0 or does not exceed the security level of the requesting account. In the DataWorks console, you can check if column-level access control is enabled on the advanced configuration page for the MaxCompute engine. You can also view field security levels in Data Map and account security levels on the member management page.	1617115071885
ApplyReason	string	Yes	The reason for the request. The administrator uses this for approval.	I need to use this table
MaxComputeProjectName	string	No	The name of the MaxCompute project for which to request permissions.	aMaxcomputeProjectName
WorkspaceId	integer	No	The ID of the DataWorks workspace that contains the MaxCompute project. To find the workspace ID, go to the workspace configuration page in the DataWorks console.	12345
OrderType `deprecated`	integer	No	This parameter is deprecated. Leave it empty.	1
EngineType `deprecated`	string	No	This parameter is deprecated. Leave it empty.	odps
ApplyObject	array<object>	Yes	The list of objects for which to request permissions.
	array<object>	No	The object.
Actions	string	No	The actions to request for the table. To request multiple actions, separate them with commas (,). Valid values: Select, Describe, Drop, Alter, Update, and Download.	Select,Describe
ColumnMetaList	array<object>	No	A list of column objects.
	object	No	The object that is returned.
Name	string	No	The name of the target column. To request permissions for an entire table, specify all of its columns. You can request permissions for specific columns only if LabelSecurity is enabled for the MaxCompute project. If LabelSecurity is disabled, you must request permissions for the entire table.	aColumnName
Actions	string	No	The actions to request for the column. To request multiple actions, separate them with commas (,). Valid values: Select, Describe, and Download.	Select
Name	string	No	The name of the object for which to request permissions. Currently, you can request permissions only for MaxCompute tables. Specify the name of the target table.	aTableName
ApplyType	string	No	The type of the request. Valid values: MaxComputeTable: A request for permissions on a MaxCompute table. MaxComputeFunction: A request for permissions on a MaxCompute function. MaxComputeResource: A request for permissions on a MaxCompute resource. DLFSchema: A request for permissions on a schema in DLF V1.0. DLFTable: A request for permissions on a table in DLF V1.0. DLFColumn: A request for permissions on a column in DLF V1.0. DsApiDeploy: A request for permissions to publish an API in DataService Studio.	MaxComputeTable
CatalogName	string	No	The name of the data catalog to query. To view the data catalog name, go to the DLF console.	hive

Response elements

Element	Type	Description	Example
	object	The returned object.
RequestId	string	The ID of the request.	0bc1ec92159376****
FlowId	array	A list of flow IDs.
	string	The ID of the generated approval request. If you request permissions for multiple objects that have different approvers, the system generates multiple approval requests. In this case, an array of approval request IDs is returned.	ee276e6e-5d34-46d8-b848-bca7879ed233

Examples

Success response

JSON format

{
  "RequestId": "0bc1ec92159376****",
  "FlowId": [
    "ee276e6e-5d34-46d8-b848-bca7879ed233"
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.