MaxCompute:User and role operations

Add a user

Adds an Alibaba Cloud account or a RAM user to a MaxCompute project.

• Limits

  MaxCompute allows you to add only the RAM users that belong to your Alibaba Cloud account to a project. It does not allow you to add RAM users that belong to other Alibaba Cloud accounts.

• Syntax

  add user <user_name>;

• Parameter

  user_name: required. The name of the Alibaba Cloud account or RAM user that you want to add. The format of an Alibaba Cloud account is ALIYUN$****@aliyun.com;. The format of a RAM user is RAM$****.

• Examples

  • Example 1: Add the Alibaba Cloud account test_user@aliyun.com to a MaxCompute project.

    add user ALIYUN$test_user@aliyun.com;

  • Example 2: Add the RAM user ram_test_user to a MaxCompute project.

    add user RAM$ram_test_user;

Remove a user

If a user leaves the MaxCompute project team, the user must be removed from the project. After the user is removed, the user is no longer authorized to access resources in the project.

• Limits

  • Before you remove a user who is assigned a role, you must revoke the role.

  • MaxCompute does not support the complete removal of a user and the relevant authorization data. After a user is removed from a project, permissions related to the user are retained. If the user is added to the project again, the historical access permissions of the user will be activated again.

• Syntax

  remove user <user_name>;

• Parameter

  user_name: required. The name of the Alibaba Cloud account or RAM user that you want to remove. The format of an Alibaba Cloud account is ALIYUN$****@aliyun.com;. The format of a RAM user is RAM$****.

• Examples

  • Example 1: Remove the Alibaba Cloud account test_user@aliyun.com.

    remove user ALIYUN$test_user@aliyun.com;

  • Example 2: Remove the RAM user ram_test_user.

    remove user RAM$ram_test_user;

View users

list users;

Create a role

Creates a role in a MaxCompute project.

• Syntax

  create role <role_name>;

• Parameter

  role_name: required. The name of the role that you want to add.

• Example

  -- Create the player role.
  create role player;

View roles

Views the information of all roles in a MaxCompute project.

list roles;

Grant a role to a user

Grants a role to a user so that the user has all the permissions of the role.

• Limits

  Before you grant a role to a user, you must grant the role the permissions on project objects. For more information, see Grant a role or user.

• Syntax

  grant <role_name> to <user_name>;

• Parameters

  • role_name: required. The name of the role that you want to grant to a user.

  • user_name: required. The name of the Alibaba Cloud account or RAM user to which you grant the role. The format of an Alibaba Cloud account is ALIYUN$****@aliyun.com;. The format of a RAM user is RAM$****.

• Example

  -- Grant the player role to the Alibaba Cloud account test_user@aliyun.com.
  grant player to ALIYUN$test_user@aliyun.com;

Revoke a user from a role

Revokes a user from a specific role.

• Syntax

  revoke <role_name> from <user_name>;

• Parameters

  • role_name: required. The name of the role from which you want to revoke a user.

  • user_name: required. The name of the Alibaba Cloud account or RAM user that you want to revoke. The format of an Alibaba Cloud account is ALIYUN$****@aliyun.com;. The format of a RAM user is RAM$****.

• Example

  -- Revoke the Alibaba Cloud account alice@aliyun.com from the player role.
  revoke player from ALIYUN$alice@aliyun.com;

Delete a role

Deletes an existing role from a MaxCompute project.

• Limits

  Before you delete a role, you must make sure that no users are assigned this role.

• Syntax

  drop role <role_name>;

• Parameter

  role_name: required. The name of the role that you want to delete.

• Example

  -- Delete the player role.
  drop role player;