This topic describes how to use your Alibaba Cloud account to create a Resource Access Management (RAM) user and authorize the RAM user to perform data development on a Hologres instance in DataWorks.
Background information
By default, the system sets the Alibaba Cloud account that is used to purchase an instance as a superuser of the instance. A superuser of an instance has all permissions on the instance.
Other users can access an instance only after they are granted the required permissions by a superuser of the instance.
You can grant the following types of permissions to a RAM user in your Alibaba Cloud account:
RAM permissions
RAM permissions are optional. After you grant RAM permissions to a RAM user, you can log on to the Hologres console as the RAM user. Then, you can purchase or delete instances, upgrade or downgrade instance specifications, modify the network configurations of instances, or view instance details.
Development permissions on instances
Development permissions are required. Before you can connect to a Hologres instance and perform data development as a RAM user, you must use your Alibaba Cloud account to grant the required data development permissions to the RAM user.
Hologres provides a simple permission model (SPM) and a standard PostgreSQL authorization model for you to grant permissions to RAM users.
SPM (recommended)
SPM is a coarse-grained model that is provided by Hologres based on the PostgreSQL authorization system. For more information, see Overview.
Standard PostgreSQL authorization model
Hologres is compatible with PostgreSQL and supports the standard PostgreSQL authorization model. If this model is used, you can grant permissions to RAM users by executing standard PostgreSQL statements. For more information, see Standard PostgreSQL authorization model.
Create a RAM user
If you have created a RAM user, skip this step.
Log on to the Alibaba Cloud official website by using your Alibaba Cloud account.
Log on to the RAM console by using your Alibaba Cloud account.
In the left-side navigation pane, choose Identities > Users.
On the Users page, click Create User.
On the Create User page, you can click Add User to create multiple RAM users at a time.
In the User Account Information section, specify the Logon Name and Display Name parameters.
In the Access Mode section, select Console Access.
Configure a password for the RAM user.
Click OK.
Grant permissions to a RAM user
Grant RAM permissions to a RAM user.
After you grant RAM permissions to a RAM user by using your Alibaba Cloud account, you can log on to the Hologres console as the RAM user and view, purchase, or delete instances or perform other supported operations.
Grant data development permissions to a RAM user.
You can develop data in a Hologres instance as a RAM user only after the required data development permissions on the instance are granted to the RAM user by using your Alibaba Cloud account. For more information, see Grant the data development permissions on a Hologres instance to RAM users.
Add a RAM user to a DataWorks workspace
After you grant data development permissions on a Hologres instance to a RAM user, you must add the RAM user to the DataWorks workspace with which the Hologres instance is associated. Then, you can develop data in the Hologres instance in DataWorks as the RAM user. To add a RAM user to a DataWorks workspace, perform the following steps:
Go to the configuration page of the workspace.
Log on to the DataWorks console. In the top navigation bar, select the desired region. Then, click Workspace in the left-side navigation pane.
On the Workspaces page, find the desired workspace, and click Manage in the Actions column.
On the Workspace Members tab, click Add Members in the upper-right corner.
In the Add Members dialog box, click Refresh to synchronize all RAM users in your Alibaba Cloud account to the Available Accounts list.
In the Available Accounts list, select the RAM user that you want to add and click > to move the RAM user to the Selected Accounts list.
Select the RAM user in the Selected Accounts list and click Confirmation.
By default, the creator of a workspace is assigned the Workspace Manager role. The following table describes the roles in DataWorks.
Role
Description
Project Owner
This role has all permissions on a workspace.
Workspace Manager
This role has all permissions of the Development and O&M roles. In addition, the Workspace Manager role can manage the workspace. For example, the role can add and delete workspace members, assign roles to workspace members, and create custom resource groups.
Development
This role has permissions to perform design and maintenance operations on the DataStudio page of a workspace.
O&M
This role has permissions to manage the running of all tasks and perform the required operations on all tasks in a workspace in Operation Center.
Deploy
This role has permissions to review the code of a task and determine whether to commit the task to Operation Center in a workspace in standard mode.
Visitor
This role has read-only permissions on workflows and code on the DataStudio page.
Safety Manager
This role can perform operations only in Data Security Guard. For more information, see Data Security Guard.
Log on to the DataWorks console as a RAM user. Go to the DataStudio page.
Perform data development operations based on your business requirements.
Remove a RAM user from a DataWorks workspace
Go to the configuration page of the workspace.
Log on to the DataWorks console.
In the left-side navigation pane, click Workspaces.
On the Workspaces page, find the desired workspace, and click Manage in the Actions column.
On the Workspace Members tab, find the desired RAM user and click Remove in the Actions column. Remove the RAM user as prompted.
NoteAfter the RAM user is removed from the DataWorks workspace, the RAM user still has the data development permissions on the Hologres instance.