A workspace is a basic unit in which different roles are used for collaborative development. All development operations are performed in a specific workspace. If you want to allow Resource Access Management (RAM) users to collaborate on development operations in a workspace, you must add the RAM users to the workspace as members and assign roles to the RAM users.
Background information
The following table shows the roles and permissions supported by E-MapReduce (EMR) Serverless Spark:
Permission category | Permission\Role | Guest (Visitor) | DataScience (Data Analyst) | DataEngineering (Data Developer) | Owner (Administrator) |
Workflow viewing | View workflow lists, states, versions, topologies, details, and configurations | √ | √ | √ | √ |
View the logs, output, and SparkUI of workflow nodes | √ | √ | √ | √ | |
Workflow editing | Create workflows, including the association and deployment of topologies, nodes, and jobs | - | - | √ | √ |
Delete workflows | - | - | √ | √ | |
Create workflow nodes | - | - | √ | √ | |
Edit workflow run configurations | - | - | √ | √ | |
Workflow management | Enable workflow scheduling | - | - | √ | √ |
Disable workflow scheduling | - | - | √ | √ | |
Trigger workflows | - | - | √ | √ | |
Perform operations, such as rerun, set to successful, and stop, on workflow nodes | - | - | √ | √ | |
Queue management | View queues | √ | √ | √ | √ |
Add queues | - | - | - | √ | |
Edit queues, such as the adjustment of resource quantities | - | - | - | √ | |
Delete queues | - | - | - | √ | |
Submit queues for execution | - | ✓ (Effective scope: resource_queue_dev) | ✓ (Effective scope *) | ✓ (Effective scope *) | |
Compute management | View computes | √ | √ | √ | √ |
Create computes | - | - | √ | √ | |
Edit computes | - | - | √ | √ | |
Delete computes | - | - | √ | √ |
Prerequisites
A workspace is created. For more information, see Manage workspaces.
RAM users are created and granted the AliyunEmrServerlessSparkReadOnlyAccess permission. For more information, see Grant permissions to a RAM user.
Manage users
Add users
Go to the Access Control page.
Log on to the EMR console.
In the left-side navigation pane, choose .
On the Spark page, click the name of the workspace to which you want to add users.
In the left-side navigation pane of the EMR Serverless Spark page, click Access Control.
On the User tab of the Access Control page, click Add User.
In the Add User dialog box, select the RAM users that you want to add to the workspace as members and click OK.
You can select one or more RAM users.
Remove a user
On the User tab of the Access Control page, find the user that you want to remove from the workspace and click Delete in the Actions column.
In the Remove User dialog box, click Remove.
Manage roles
Create a role and grant permissions to the role
If the permissions of existing roles cannot meet your business requirements, you can create a new role and grant the required permissions to the role.
On the Role tab of the Access Control page, click Create Role.
In the dialog box that appears, configure the Role Name and Display Name parameters and click OK.
Click the name of the role that you created.
Click Add Authorization.
Select the permissions that you want to grant to the role and click OK.
Associate users with a role
On the Role tab of the Access Control page, find the role with which you want to associate users and click Add User in the Actions column.
In the Add User dialog box, select the users that you want to associate with the role and click OK.
Disassociate users from a role
On the Role tab of the Access Control page, find the role from which you want to disassociate users and click Remove User in the Actions column.
In the Remove User dialog box, select the users that you want to disassociate from the role and click OK.