When using the dataset-related features for the first time, you need to grant RAM users the permissions to manage datasets and access data storage services, such as Object Storage Service (OSS), Apsara File Storage NAS (NAS), and Cloud Parallel File Storage (CPFS).
Account and permission requirements
Alibaba Cloud account: The Alibaba Cloud account has full permissions without the need for additional authorization.
RAM user: RAM users require specific permissions to perform operations. The following section describes the necessary permissions for RAM users and how to authorize them:
Authorize a RAM user
Grant dataset management permissions
Add the RAM user to the workspace and assign required roles. For information about the permissions of roles, see AI Asset Management. For information about how to add RAM users to workspaces, see Manage members of a workspace.
Grant OSS type dataset permissions
To create OSS type datasets, the RAM user must have permissions to access and use the OSS bucket list. Take the following steps:
Create a custom policy on the JSON tab. Sample policy:
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "oss:ListBuckets",
        "oss:GetBucketStat",
        "oss:GetBucketInfo",
        "oss:GetBucketTagging",
        "oss:GetBucketLifecycle",
        "oss:GetBucketWorm",
        "oss:GetBucketVersioning",
        "oss:GetBucketAcl",
        "oss:PutObject",
        "oss:GetBucketCors",
        "oss:PutBucketCors"
      ],
      "Resource": "acs:oss:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "oss:ListObjects",
        "oss:GetBucketAcl"
      ],
      "Resource": "acs:oss:*:*:mybucket"
    },
    {
      "Effect": "Allow",
      "Action": [
        "oss:GetObject",
        "oss:GetObjectAcl"
      ],
      "Resource": "acs:oss:*:*:mybucket/*"
    }
  ]
}
Grant NAS/CPFS type dataset permissions
To create NAS/CPFS type datasets, the RAM user must have permissions to access and use the NAS file system list, which includes querying file systems and protocol service information (CPFS only). Take the following steps:
Create a custom policy on the JSON tab. Sample policy:
{
  "Version": "1",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "nas:DescribeFileSystems",
        "nas:DescribeProtocolMountTarget",
        "nas:DescribeProtocolService"
      ],
      "Resource": "acs:nas:*:*:filesystem/*"
    }
  ]
}
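A pre-attach review check for custom policies like the ones above, as an added example (not Alibaba Cloud's code): it flags action names carrying stray whitespace, which do not name the intended action, and write-style actions allowed on every resource, as the sample OSS policy does with oss:PutObject and oss:PutBucketCors on acs:oss:*:*:*. The function names, the WRITE_VERBS list and the sample document are assumptions constructed for illustration.

```python
import json

# Constructed sample: statements modeled on the policies above. The trailing
# space in the last NAS action is deliberate, to exercise the whitespace check.
SAMPLE_POLICY = json.loads("""
{
  "Version": "1",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["oss:ListBuckets", "oss:PutObject", "oss:PutBucketCors"],
     "Resource": "acs:oss:*:*:*"},
    {"Effect": "Allow",
     "Action": ["oss:GetObject", "oss:GetObjectAcl"],
     "Resource": "acs:oss:*:*:mybucket/*"},
    {"Effect": "Allow",
     "Action": ["nas:DescribeFileSystems", "nas:DescribeProtocolService "],
     "Resource": "acs:nas:*:*:filesystem/*"}
  ]
}
""")

# Assumption: verbs treated as "write" for review purposes (a heuristic, not a RAM rule).
WRITE_VERBS = ("Put", "Delete", "Create", "Set", "Modify")

def as_list(value):
    """Statement, Action and Resource may each be a single value or a list."""
    return value if isinstance(value, list) else [value]

def covers_all_resources(resource):
    """True for '*' or an ARN whose resource part is a bare '*'."""
    parts = resource.split(":", 4)
    return resource == "*" or (len(parts) == 5 and parts[4] == "*")

def lint_policy(policy):
    """Return (statement_index, rule, detail) tuples for Allow statements."""
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        broad = [r for r in as_list(stmt.get("Resource", [])) if covers_all_resources(r)]
        for action in as_list(stmt.get("Action", [])):
            if action != action.strip():
                findings.append((idx, "whitespace-in-action", repr(action)))
            verb = action.strip().split(":", 1)[-1]
            if broad and (verb == "*" or verb.startswith(WRITE_VERBS)):
                findings.append((idx, "write-on-all-resources", f"{action.strip()} on {broad[0]}"))
    return findings
```

Call lint_policy on the parsed policy document before saving it on the JSON tab; an empty list means neither rule fired.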