Before members in a workspace can use various data sources in the workspace, the members must be granted the permissions that are required to access the data in compute engines. This topic describes how to manage permissions on data in compute engines in DataWorks.
Prerequisites
You are familiar with the physical attributes of workspaces. For more information, see Differences between workspaces in basic mode and workspaces in standard mode.
You are familiar with the environment types of compute engines that are used in different DataWorks services. For more information, see the Appendix: Compute engines that correspond to different DataWorks service modules in workspaces in basic and standard modes section of the "Differences between workspaces in basic mode and workspaces in standard mode" topic.
Permissions required to access data in different types of data sources
The following table describes the permissions that are required to access data in different types of compute engines and the methods that can be used to grant the permissions to the members in a workspace.
Data source type | Permission description | References |
MaxCompute | Built-in role The built-in workspace-level roles of DataWorks are mapped to the roles of a MaxCompute compute engine. If you assign a built-in workspace-level role to a RAM user, the RAM user is automatically granted the permissions of the mapped role of the MaxCompute compute engine in the development environment.
Custom workspace-level role If you create a custom workspace-level role and map the role to a role of a MaxCompute compute engine, the custom workspace-level role has the permissions of the mapped role of the MaxCompute compute engine. | |
EMR cluster | You can configure mappings between the members in a workspace and the accounts of the EMR cluster that is registered to DataWorks. This way, the members in the workspace are granted the permissions of the accounts of the EMR cluster. | |
Cloudera's Distribution Including Apache Hadoop (CDH) or Cloudera Data Platform (CDP) cluster | When you register a CDH or CDP cluster to DataWorks, you can configure mappings between the members in your workspace and Linux or Kerberos accounts of the CDH or CDP cluster. This way, the members in the workspace are granted the permissions on the CDH or CDP cluster. | |
Hologres | You can grant the permissions on a Hologres compute engine to the members in a workspace by using policies supported by Hologres. If you want to grant the permissions on a Hologres data source added to a workspace to the members in the workspace, you must perform the authorization based on the authorization-related topic in Hologres. | |
Other types of data sources | The permissions on the data sources are determined by the scheduling access identities that are specified for different environments when you add the data sources to a workspace. Note
| - |