Built-in workspace-level roles and permissions of these roles - DataWorks

DataWorks provides the following built-in workspace-level roles: Workspace Owner, Workspace Administrator, Data Analyst, Develop, O&M, Deploy, Visitor, Security Administrator, Model Designer, and Data Governance Administrator. This topic describes the permissions of these roles.

By default, the built-in workspace-level roles provided by DataWorks have read permissions on all workspace-level services. The management and operation permissions of different built-in workspace-level roles on workspace-level services vary. The following table describes the built-in workspace-level roles and the permissions of each built-in workspace-level role on workspace-level services.

Role	Description
Workspace Owner	This role has all permissions on a workspace. The owner of a workspace is an Alibaba Cloud account. For example, the Workspace Owner role can be used to assign a role to a RAM user and remove a member that is not the owner of a workspace from the workspace.
Workspace Administrator	This role has permissions that are second only to the permissions of the Workspace Administrator role. The Workspace Administrator role can also be used to perform operations such as adding a user to a workspace as a member, removing a member from a workspace, or assigning a role to a member.
Data Analyst	This role has permissions only on DataAnalysis.
Develop	This role has permissions to perform data development and maintenance operations on the DataStudio page of a workspace. Note If you want to perform data development operations as a RAM user, you must assign the Develop or Workspace Administrator role to the RAM user. If you want to perform the deploy operation as a RAM user, you must assign the O&M or Workspace Administrator role to the RAM user.
O&M	This role has permissions to deploy tasks to the production environment on the Create Deploy Task page and perform O&M operations on all tasks in a workspace in Operation Center.
Deploy	This role has permissions to review the code of a task and determine whether to commit the task to Operation Center in a workspace in standard mode.
Visitor	This role has read-only permissions on workflows and code on the DataStudio page of a workspace.
Security Administrator	This role has permissions only on Data Security Guard.
Model Designer	This role has permissions to view models in Data Modeling and modify parameter configurations in Data Warehouse Planning, Data Standard, Dimensional Modeling, and Data Metric. This role does not have permissions to publish models.
Data Governance Administrator	This role has permissions to view and manage data governance content of the workspace to which this role belongs in Data Governance Center. Note This role does not have permissions to view data governance situations of all workspaces in a region from the global perspective or manage global governance operations, such as enabling check items at the global level. If you want to allow a RAM user to perform global governance operations, assign the Data Governance Administrator role at the tenant level to the RAM user. For more information, see Data Governance Administrator role at the tenant level. For more information about the features that are supported by the Data Governance Administrator role at the workspace level, see Data Governance.

The tables in the following sections describe the permissions of different built-in workspace-level roles on workspace-level services. In the tables, Yes indicates that a role has the specified permission, and No indicates that a role does not have the specified permission.

Data management
Deployment management
Button control
Code development
Function development
Node type selection
Resource management
Workflow development
Workspace management
Workflow O&M
Node O&M
Dashboard
Baseline
Alerting and monitoring
Data Integration
Data Modeling
DataAnalysis
Data Governance

The built-in workspace-level roles also have specified permissions on the data of a MaxCompute compute engine. For more information, see Manage permissions on data in a MaxCompute compute engine instance.

Note

You can execute the related statement to query permissions on data of a MaxCompute compute engine. For more information, see Query permissions by using MaxCompute SQL. For example, you can execute the describe role Role_Project_Dev statement to query whether the Develop role of DataWorks has the Create Table permission on a MaxCompute compute engine.
For information about mappings between built-in workspace-level roles of DataWorks and roles of a MaxCompute compute engine, see Appendix: Mappings between the built-in workspace-level roles of DataWorks and the roles of MaxCompute.

Data management

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
Delete a self-created table	Yes	Yes	No	Yes	No	No	No	No	No	No
Configure a category for a self-created table	Yes	Yes	No	Yes	No	No	No	No	No	No
View a favorite table	Yes	Yes	No	Yes	No	No	No	No	No	No
Create a table	Yes	Yes	No	Yes	No	No	No	No	No	No
Show a self-created table	Yes	Yes	No	Yes	No	No	No	No	No	No
Modify the schema of a self-created table	Yes	Yes	No	Yes	No	No	No	No	No	No
View a self-created table	Yes	Yes	No	Yes	No	No	No	No	No	No
View the content of a self-submitted permission request	Yes	Yes	No	Yes	No	No	No	No	No	No
Hide a self-created table	Yes	Yes	No	Yes	No	No	No	No	No	No
Configure the time to live (TTL) for a self-created table	Yes	Yes	No	Yes	No	No	No	No	No	No
Request permissions on a table created by other users	Yes	Yes	No	Yes	No	No	No	No	No	No
Update a table in the development environment	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Delete a table in the development environment	Yes	Yes	No	Yes	No	No	No	No	No	No
Preview data	Yes	Yes	No	Yes	Yes	Yes	Yes	Yes	No	No
Add assignment parameters	Yes	Yes	No	Yes	No	Yes	No	No	No	No

Deployment management

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
Create a deployment package	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the list of deployment packages	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Revoke a deployment package	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Perform/Reject a deployment operation	Yes	Yes	No	No	Yes	Yes	No	No	No	No
View the content of a deployment package	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Cancel deployment	Yes	Yes	No	Yes	Yes	No	No	No	No	No

Button control

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
Stop	Yes	Yes	No	Yes	No	No	No	No	No	No
Format	Yes	Yes	No	Yes	No	No	No	No	No	No
Edit	Yes	Yes	No	Yes	No	No	No	No	No	No
Run	Yes	Yes	No	Yes	No	No	No	No	No	No
Zoom in	Yes	Yes	No	Yes	No	No	No	No	No	No
Save	Yes	Yes	No	Yes	No	No	No	No	No	No
Show/Hide	Yes	Yes	No	Yes	No	No	No	No	No	No
Delete	Yes	Yes	No	Yes	No	No	No	No	No	No

Code development

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
Save and commit the code of a task	Yes	Yes	No	Yes	No	No	No	No	No	No
View the code of a task	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Write the code of a task	Yes	Yes	No	Yes	No	No	No	No	No	No
Delete the code of a task	Yes	Yes	No	Yes	No	No	No	No	No	No
View the code of a task	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Run the code of a task	Yes	Yes	No	Yes	No	No	No	No	No	No
Modify the code of a task	Yes	Yes	No	Yes	No	No	No	No	No	No
Download a file	Yes	Yes	No	No	No	No	No	No	No	No
Upload a file	Yes	Yes	No	Yes	No	No	No	No	No	No

Function development

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
View the details about a function	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Create a function	Yes	Yes	No	Yes	No	No	No	No	No	No
Query a function	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Delete a function	Yes	Yes	No	Yes	No	No	No	No	No	No

Node type selection

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
PAI	Yes	Yes	No	Yes	No	No	No	No	No	No
MR	Yes	Yes	No	Yes	No	No	No	No	No	No
CDP	Yes	Yes	No	Yes	No	No	No	No	No	No
SQL	Yes	Yes	No	Yes	No	No	No	No	No	No
XLIB	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Shell	Yes	Yes	No	Yes	No	No	No	No	No	No
Zero load	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
script_seahawks	Yes	Yes	No	Yes	No	No	No	No	No	No
dtboost_analytic	Yes	Yes	No	Yes	No	No	No	No	No	No
dtboost_recommend	Yes	Yes	No	Yes	No	No	No	No	No	No
PyODPS	Yes	Yes	No	Yes	No	No	No	No	No	No
AnalyticDB for PostgreSQL	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
AnalyticDB for MySQL	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
HTTP Trigger	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Database	Yes	Yes	No	Yes	No	No	No	No	No	No

Resource management

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
View the list of resources	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Delete a resource	Yes	Yes	No	Yes	No	No	No	No	No	No
Upload a resource	Yes	Yes	No	Yes	No	No	No	No	No	No
Upload a JAR file	Yes	Yes	No	Yes	No	No	No	No	No	No
Upload a text file	Yes	Yes	No	Yes	No	No	No	No	No	No
Upload an archive file	Yes	Yes	No	Yes	No	No	No	No	No	No

Workflow development

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
Run or stop a workflow	Yes	Yes	No	Yes	No	No	No	No	No	No
Save a workflow	Yes	Yes	No	Yes	No	No	No	No	No	No
View a workflow	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Commit the code of a node	Yes	Yes	No	Yes	No	No	No	No	No	No
Modify a workflow	Yes	Yes	No	Yes	No	No	No	No	No	No
View the list of workflows	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Change the owner of a workflow	Yes	Yes	No	No	No	No	No	No	No	No
View the code of a node	Yes	Yes	No	Yes	No	No	No	No	No	No
Delete a workflow	Yes	Yes	No	Yes	No	No	No	No	No	No
Create a workflow	Yes	Yes	No	Yes	No	No	No	No	No	No
Create a folder	Yes	Yes	No	Yes	No	No	No	No	No	No
Delete a folder	Yes	Yes	No	Yes	No	No	No	No	No	No
Modify a folder	Yes	Yes	No	Yes	No	No	No	No	No	No

Workspace management

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
View the basic information about a workspace	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Create a baseline	Yes	Yes	No	No	No	No	No	No	No	No
Delete a baseline	Yes	Yes	No	No	No	No	No	No	No	No
Edit a baseline	Yes	Yes	No	No	No	No	No	No	No	No
Query the list of baselines	Yes	Yes	No	No	No	No	No	No	No	No
View a baseline	Yes	Yes	No	No	No	No	No	No	No	No
Test network connectivity	Yes	Yes	No	No	No	No	No	No	No	No
Add a data source	Yes	Yes	No	No	No	No	No	No	No	No
Delete a data source	Yes	Yes	No	No	Yes	No	No	No	No	No
Edit a data source	Yes	Yes	No	No	Yes	No	No	No	No	No
Search for a data source	Yes	Yes	No	No	No	No	No	No	No	No
View the data sources added in a workspace	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Enable scheduling	Yes	Yes	No	No	No	No	No	No	No	No
View the scheduling properties of a task	Yes	Yes	No	No	No	No	No	No	No	No
Add a member to a workspace	Yes	Yes	No	No	No	No	No	No	No	No
Change the roles of workspace members	Yes	Yes	No	No	No	No	No	No	No	No
View the list of members in a workspace	Yes	Yes	No	No	No	No	No	No	No	No
Remove a member from a workspace	Yes	Yes	No	No	No	No	No	No	No	No
Search for a workspace member	Yes	Yes	No	No	No	No	No	No	No	No
Modify the configurations of a compute engine	Yes	Yes	No	No	No	No	No	No	No	No
View the configurations of a compute engine	Yes	Yes	No	No	No	No	No	No	No	No
Query the list of members within a tenant	Yes	Yes	No	No	No	No	No	No	No	No
Modify the basic information about a workspace	Yes	Yes	No	No	No	No	No	No	No	No
Modify the scheduling enabling setting	No	Yes	No	No	No	No	No	No	No	No
Whether to allow code modification	No	Yes	No	No	No	No	No	No	No	No
Whether to allow the downloading of query results obtained by executing SELECT statements	No	Yes	No	No	No	No	No	No	No	No
Query the list of roles in a workspace	No	Yes	No	No	No	No	No	No	No	No
Associate a resource group with a workspace	No	Yes	No	No	No	No	No	No	No	No
Disassociate a resource group from a workspace	No	Yes	No	No	No	No	No	No	No	No
Specify a default resource group for a workspace	No	Yes	No	No	No	No	No	No	No	No
Query the list of resource groups that are associated with a workspace	No	Yes	No	No	No	No	No	No	No	No
Create a resource group in a workspace	No	Yes	No	No	No	No	No	No	No	No
Delete a resource group	No	Yes	No	No	No	No	No	No	No	No
Initialize servers in a resource group	No	Yes	No	No	No	No	No	No	No	No
Query the list of servers in a resource group	No	Yes	No	No	No	No	No	No	No	No
Add servers to a resource group	No	Yes	No	No	No	No	No	No	No	No
Remove servers from a resource group	No	Yes	No	No	No	No	No	No	No	No
Update the server status and slots of a resource group	No	Yes	No	No	No	No	No	No	No	No
Query the list of workspaces with which a resource group is associated	No	Yes	No	No	No	No	No	No	No	No
Associate multiple resource groups with a workspace at a time	No	Yes	No	No	No	No	No	No	No	No
Query the list of roles in a MaxCompute project	No	Yes	No	No	No	No	No	No	No	No
Create a MaxCompute role	No	Yes	No	No	No	No	No	No	No	No
Delete a MaxCompute role	No	Yes	No	No	No	No	No	No	No	No
Query the MaxCompute roles that are assigned to a member	No	Yes	No	No	No	No	No	No	No	No
Modify the MaxCompute roles that are assigned to a member	No	Yes	No	No	No	No	No	No	No	No
Query the permissions of a role on workspaces and tables	No	Yes	No	No	No	No	No	No	No	No
Revoke permissions on workspaces or tables	No	Yes	No	No	No	No	No	No	No	No
Grant permissions on workspaces or tables	No	Yes	No	No	No	No	No	No	No	No
Query the security policy of a MaxCompute project	No	Yes	No	No	No	No	No	No	No	No
Modify the setting of ACL-based access control	No	Yes	No	No	No	No	No	No	No	No
Modify the setting of allowing an object creator to access the object	No	Yes	No	No	No	No	No	No	No	No
Modify the setting of allowing an object creator to grant permissions on the object	No	Yes	No	No	No	No	No	No	No	No
Modify the data protection setting of a workspace	No	Yes	No	No	No	No	No	No	No	No
Control whether a RAM user can access a MaxCompute project	No	Yes	No	No	No	No	No	No	No	No
Update the object that you want to deploy in a workspace	No	Yes	No	No	No	No	No	No	No	No
Refresh a RAM user	No	Yes	No	No	No	No	No	No	No	No
Query the list of MaxCompute users	No	Yes	No	No	No	No	No	No	No	No
Share a data source	Yes	Yes	No	No	No	No	No	No	No	No
Migrate tables in databases	Yes	Yes	No	No	No	No	No	No	No	No
Import table model design into or export table model design from DataStudio	Yes	Yes	No	No	No	No	No	No	No	No
Configure a resource group for a synchronization task	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Enable permission configuration for GPU resources for PAI and deep learning tasks in a workspace	Yes	Yes	No	No	No	No	No	No	No	No
Allow access from Management Center to the security configurations of a MaxCompute project	Yes	No	No	No	No	No	No	No	No	No
Create a real-time synchronization node	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Delete a workspace	Yes	Yes	No	No	No	No	No	No	No	No

Workflow O&M

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
View a DAG	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Go to the DataStudio page	Yes	Yes	No	Yes	No	No	No	No	No	No
View the DAG of an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View ancestor and descendant nodes in a DAG	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the list of workflows	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the operation logs of a workflow	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Perform smoke testing	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Backfill data	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Change the owner of an object	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the details about a workflow	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View ancestor and descendant instances of an instance in a DAG	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Suspend an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Restore an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Terminate an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Terminate multiple instances at a time	Yes	Yes	No	No	Yes	No	No	No	No	No
View the list of instances	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View run logs	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Rerun an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Rerun multiple instances at a time	Yes	Yes	No	No	Yes	No	No	No	No	No
Search for an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Set the status of an instance to success	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Rerun the descendant instances of an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Whether to perform a check for the first logon	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
View the DAG of a manually triggered node	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Freeze and suspend a node	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Unfreeze and resume a node	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
View the lineages of a node	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the details about a node	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the operation logs of a node	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Change the baseline for a node	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Resume an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Remove dependencies for an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the lineages of an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the details about an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the running history of an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the baselines affected by instances	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Undeploy a node	Yes	Yes	No	No	Yes	No	No	No	No	No
Forcefully rerun the descendant nodes of a node	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Forcibly rerun an instance	Yes	Yes	No	No	Yes	No	No	No	No	No
Change the running priority of an instance	Yes	Yes	No	No	Yes	No	No	No	No	No

Node O&M

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
Change the baseline for a node	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Change the baseline for multiple nodes at a time	Yes	Yes	No	No	Yes	No	No	No	No	No
View the code of a node	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Change the owners of multiple nodes at a time	Yes	Yes	No	No	Yes	No	No	No	No	No
Change the resource group for a node	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Change the resource groups for multiple nodes at a time	Yes	Yes	No	No	Yes	No	No	No	No	No
Perform smoke testing	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Backfill data	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Remove dependencies for an instance	Yes	Yes	No	No	Yes	No	No	No	No	No
Suspend an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Restore an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Refresh the attribute information about an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Terminate an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Terminate multiple instances at a time	Yes	Yes	No	No	Yes	No	No	No	No	No
Change the running priority of an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Refresh the dependencies of an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Rerun an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Set the status of an instance to success	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Diagnose an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Diagnose the waiting duration	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the basic information about a resource group	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the information about an instance that is in the Running or Waiting state	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the usage trend of slots in a resource group	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Query the list of tasks that occupy resources in a resource group	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Show diagnostics information	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Query the list of MaxCompute instances	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Rerun a data quality check task	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Use an HTTP Trigger node to trigger an instance	Yes	Yes	No	Yes	Yes	No	No	No	No	No

Dashboard

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
View the number of baselines in the Overtime state	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Remove a record from the dashboard	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the ranking of tasks by error within 30 days	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the trend for the number of tasks that are scheduled	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the completion situations of tasks	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the running information about tasks	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the ranking of tasks by running duration	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the distribution of tasks by type	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View top-priority items on the dashboard	Yes	Yes	No	Yes	Yes	No	No	No	No	No

Baseline

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
View the metrics of baselines	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the list of baselines	Yes	Yes	No	Yes	Yes	No	No	No	No	No

Monitoring and alerting

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
View the list of notification messages	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Disable an alert	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Disable multiple alerts at a time	Yes	Yes	No	No	Yes	No	No	No	No	No
Enable or disable phone call notifications	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Create custom notification rules	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Delete custom notification rules	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Edit custom notification rules	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View custom notification rules	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View all events	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the details about an event	Yes	Yes	No	Yes	Yes	No	No	No	No	No
View the list of personal events	Yes	Yes	No	Yes	Yes	No	No	No	No	No

Data Integration

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
Edit a node	Yes	Yes	No	Yes	No	No	No	No	No	No
View a node	Yes	Yes	No	Yes	No	No	No	No	No	No
Delete a node	Yes	Yes	No	Yes	No	No	No	No	No	No
Access the menu for managing data synchronization resources	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
View the list of resource groups for data synchronization	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Create a resource group for data synchronization	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
View the list of Elastic Compute Service (ECS) instances in a resource group for data synchronization	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Add an ECS instance to a resource group for data synchronization	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Remove an ECS instance from a resource group for data synchronization	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Modify an ECS instance in a resource group for data synchronization	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Obtain the AccessKey pair for accessing a resource group for data synchronization	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Delete a resource group for data synchronization	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Monitor resource consumption	Yes	Yes	No	No	No	No	No	No	No	No
Change the resource groups for tasks in Operation Center	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Access the menu for managing synchronization tasks	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Switch to the code editor	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Obtain the list of members in a workspace	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Call the API operation to write the code of a task	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Call the API operation to save or update the code of a task	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Call the API operation to obtain the code of a task based on the file ID	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No	No
Query the list of Data Integration nodes	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Call the API operation to query a table	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Call the API operation to query a field	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Call the API operation to query the list of data sources	Yes	Yes	No	Yes	Yes	Yes	Yes	Yes	Yes	No
Call the API operation to add a data source	Yes	Yes	No	No	Yes	No	No	No	No	No
Call the API operation to query the details about a data source	Yes	Yes	No	Yes	Yes	Yes	Yes	Yes	Yes	No
Call the API operation to update a data source	Yes	Yes	No	No	Yes	No	No	No	No	No
Call the API operation to delete a data source	Yes	Yes	No	No	Yes	No	No	No	No	No
Test network connectivity	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Preview data	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Check whether the Stream feature is enabled for a Tablestore table	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Activate Tablestore	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Query the statement used to create a MaxCompute table	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Create a MaxCompute table	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Query the creation status of a MaxCompute table	Yes	Yes	No	Yes	Yes	Yes	No	No	No	No
Share a data source added in Data Integration	Yes	Yes	No	No	No	No	No	No	No	No

Data Modeling

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
Data Metric -- Edit	Yes	Yes	No	Yes	Yes	No	No	No	No	No
Data Metric -- View	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No
Data Metric -- Publish	Yes	Yes	No	No	Yes	No	No	No	No	No
Dimensional Modeling -- View	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No
Dimensional Modeling -- Edit	Yes	Yes	No	Yes	Yes	No	No	No	Yes	No
Dimensional Modeling -- Publish	Yes	Yes	No	No	Yes	No	No	No	No	No
Data Standard -- View	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No
Data Standard -- Edit	Yes	Yes	No	Yes	Yes	No	No	No	Yes	No
Data Standard -- Publish	Yes	Yes	No	No	Yes	No	No	No	No	No
Data Warehouse Planning -- View	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No
Data Warehouse Planning -- Edit	Yes	Yes	No	Yes	Yes	No	No	No	Yes	No
Dimensional Modeling -- Publish an object to the development environment	Yes	Yes	No	Yes	Yes	No	No	No	No	No

DataAnalysis

Permission	Workspace Owner	Workspace Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Developer	Data Governance Administrator
Access pages in DataAnalysis	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	Yes	No
Use DataAnalysis	Yes	Yes	Yes	Yes	Yes	Yes	No	Yes	Yes	No

Note

By default, a custom role does not have the permissions of the Data Analyst role. If you want to use DataAnalysis by assuming a custom role, you can ask a user with the Workspace Administrator role to assign the Data Analyst role to you. For more information about how to assign a role to a workspace member, see Manage permissions on workspace-level services. For more information about custom roles, see Permissions of workspace-level roles.

Data Governance

Permission	Workspace Owner	Workspace Administrator	Data Governance Administrator	Data Analyst	Develop	O&M	Deploy	Visitor	Security Administrator	Model Designer
View governance effectiveness from the global perspective on the Assessment tab	No	No	No	No	No	No	No	No	No	No
View governance effectiveness from the workspace perspective on the Assessment tab	Yes	Yes	Yes	No	No	No	No	No	No	No
View the governance effectiveness of each governance owner from the individual perspective on the Assessment tab	Yes	Yes	Yes	No	No	No	No	No	No	No
View the governance ranking of a workspace on the Governance Rankings page	Yes	Yes	Yes	No	No	No	No	No	No	No
View the governance ranking of user accounts in a workspace on the Governance Rankings page	Yes	Yes	Yes	No	No	No	No	No	No	No
View governance issues from the workspace perspective on the Governance Issue page	Yes	Yes	Yes	No	No	No	No	No	No	No
View governance issues from the individual perspective on the Governance Issue page	Yes	Yes	Yes	No	No	No	No	No	No	No
Change the owner of a table from the workspace perspective	Yes	Yes	No	No	No	No	No	No	No	No
Change the owner of a table from the individual perspective	Yes	Yes	No	No	No	Yes	No	No	No	No
Change the TTL of a table from the workspace perspective	Yes	Yes	No	No	No	No	No	No	No	No
Change the TTL of a table from the individual perspective	Yes	Yes	No	No	Yes	Yes	No	No	No	No
Create an undeployment plan for a table from the workspace perspective	Yes	Yes	Yes	No	No	No	No	No	No	No
Execute an undeployment plan that is created for a table from the workspace perspective	Yes	Yes	No	No	No	Yes	No	No	No	No
Create an undeployment plan for a table from the individual perspective	Yes	Yes	Yes	No	No	Yes	No	No	No	No
Execute an undeployment plan that is created for a table from the individual perspective	Yes	Yes	No	No	No	Yes	No	No	No	No
Change the owner of a task from the workspace perspective	Yes	Yes	No	No	No	Yes	No	No	No	No
Change the owner of a task from the individual perspective	Yes	Yes	No	No	No	Yes	No	No	No	No
Create an undeployment plan for a task from the workspace perspective	Yes	Yes	Yes	No	No	No	No	No	No	No
Create an undeployment plan for a task from the individual perspective	Yes	Yes	Yes	No	No	Yes	No	No	No	No
Complete missing dependencies for a task in a workspace	Yes	Yes	Yes	No	No	No	No	No	No	No
Add a table to a whitelist from the workspace perspective on the Governance Issue page	Yes	Yes	Yes	No	No	No	No	No	No	No
View all metric data for check events from the workspace perspective on the Check Event page	Yes	Yes	Yes	No	No	No	No	No	No	No
View all whitelists in a workspace on the Whitelist page	Yes	Yes	Yes	No	No	No	No	No	No	No
Disable a whitelist created in a workspace on the Whitelist page	Yes	Yes	Yes	No	No	No	No	No	No	No
Create an undeployment plan on the Graceful Shutdown page	Yes	Yes	Yes	No	No	Yes	No	No	No	No
View all undeployment plans created in the current workspace on the Graceful Shutdown page	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No
View the details of an undeployment plan on the Graceful Shutdown page	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No
Perform operations on an undeployment plan on the Graceful Shutdown page	Yes	Yes	Yes	No	No	Yes	No	No	No	No
View recommended materialized views by workspace on the Materialized View page	Yes	Yes	Yes	No	No	No	No	No	No	No
Create a materialized view in a workspace on the Materialized View page	Yes	Yes	Yes	No	No	No	No	No	No	No
View the list of recommended materialized views in a workspace on the Materialized View page	Yes	Yes	Yes	No	No	No	No	No	No	No
View the list of materialized views in a workspace on the Materialized View page	Yes	Yes	Yes	No	No	No	No	No	No	No
View the panoramic information of a table in a workspace on the Table 360 page	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No
View the panoramic information of a task in a workspace on the Task 360 page	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No
View exported data from the individual dimension on the Workbench tab	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No
Export data on the Workbench tab	Yes	Yes	Yes	No	No	No	No	No	No	No
Export data from the individual perspective on the Workbench tab	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No
Perform resource usage analysis for all workspaces on the Use Analysis tab	Yes	Yes	Yes	No	No	No	No	No	No	No
Perform resource usage analysis for a single workspace on the Use Analysis tab	Yes	Yes	Yes	No	No	No	No	No	No	No
View information about governance items and check items on the Knowledge tab	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No
Use a solution template provided on the Solution Template page	Yes	Yes	Yes	No	No	No	No	No	No	No
View the configuration of a check item on the Configure Check Item page	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No
Enable or disable all check items for a workspace on the Configure Check Item page	Yes	Yes	Yes	No	No	No	No	No	No	No
Perform operations on a check item on the Configure Check Item page	Yes	Yes	Yes	No	No	No	No	No	No	No
View governance items on the Configure Governance Item page	Yes	Yes	Yes	No	No	No	No	No	No	No
Configure an exclusion rule for governance items on the Configure Governance Item page	Yes	Yes	Yes	No	No	No	No	No	No	No
View notification settings configured for a workspace on the Notification Settings page	Yes	Yes	Yes	No	No	No	No	No	No	No
Configure notification settings from the global perspective on the Notification Settings page	No	No	No	No	No	No	No	No	No	No
Configure notification settings from the workspace perspective on the Notification Settings page	Yes	Yes	Yes	No	No	No	No	No	No	No
Configure notification settings from the individual perspective on the Notification Settings page	Yes	Yes	Yes	No	Yes	Yes	Yes	Yes	No	No