All Products
Search

This Product

    DataWorks:Configure a user group

    Document Center

    DataWorks:Configure a user group

    Last Updated:Nov 25, 2025

    The user group management feature in DataWorks lets you add multiple accounts with the same access permissions to a user group. When you configure data masking, you can add the user group to a whitelist to allow accounts in the group to view raw data. This topic describes how to create and manage user groups.

    Limits

    This feature is available only in DataWorks Professional Edition and later.

    Go to the Data Security Guard page

    1. Go to the DataStudio page.

      Log on to the DataWorks console. In the top navigation bar, select the desired region. In the left-side navigation pane, choose Data Development and O&M > Data Development. On the page that appears, select the desired workspace from the drop-down list and click Go to Data Development.

    2. Click the 图标 icon in the upper-left corner. Then, choose All Products > Data Governance > Data Security Guard. On the page that appears, click Try Now to go to the Data Security Guard page.

      Note

      • If your Alibaba Cloud account is granted the required permissions, you can directly access the homepage of Data Security Guard.

      • If your Alibaba Cloud account is not granted the required permissions, you are redirected to the authorization page of Data Security Guard. You can use the features of Data Security Guard only after your Alibaba Cloud account is granted the required permissions.

    Create a user group

    You can create a user group on the Data Security Guard page.

    1. In the navigation pane on the left, choose Rule Configuration > User Group Management.

    2. Create a user group.

      1. Click Create User Group. In the New User Group dialog box, configure User Group Name and add destination accounts to the user group.

      2. You can add destination accounts to the user group based on different account source types.

        Account source type

        Method

        Text

        Add accounts by clicking Upload File. You can upload a text file that contains account information to add multiple accounts at a time. This method is suitable for scenarios where you need to add many accounts.

        Note

        DataWorks supports only .txt text files in UTF-8 format. The information for each account must be on a separate line. The file can contain a maximum of 1,000 lines, which means you can upload up to 1,000 accounts.

        Select an existing account

        This method lets you select existing Alibaba Cloud Account (including RAM users), RAM Role, or Role of MC (MaxCompute). This method is suitable for scenarios where you need to add a small number of accounts.

        1. Select an account type as needed.

        2. In the Account to Be Added area, select the destination accounts and click the image icon to add the accounts to the Added Accounts area.

        Note

        For MaxCompute roles, you can add multiple roles from only a single MaxCompute project to a user group.

      3. Click OK to create the user group.

    Use a user group

    After you create a user group, you can add it to the whitelist of a data masking rule in Data Masking Management. Users in the group can then view the raw data that is masked by this rule. For more information, see Create a data masking rule.

    Manage user groups

    On the User Group Management page, you can manage the user groups that you have created.

    View user groups

    You can view the basic information for all existing user groups, including User Group Name, Submitted At, and Associated Data Masking Whitelists.

    • Search for a user group: You can search for a user group by User Group or Owner. Fuzzy search is supported. The search results display all user groups that contain the keyword.

    • Sort user groups: You can sort all user groups by submission time in ascending or descending order. This helps you find a user group by creation time.

    • View Associated Data Masking Whitelists: If a user group is associated with a data masking whitelist, you can click the image icon in the Associated Data Masking Whitelists column to view the names of the data masking rules that use the user group.

    More operations

    • Copy a user group: Click the Copy icon in the Actions column of the target user group to quickly create another user group with the same configuration.

    • Edit a user group: To add whitelist permissions for a destination account or revoke the permissions of a whitelisted user, click the Settings icon in the Actions column of the target user group to modify its settings.

    • Delete a user group: To delete a user group that is no longer needed, click the Delete icon in the Actions column of the target user group.