When you use a RAM role to ship data from Simple Log Service to MaxCompute, you must grant the data shipping permissions and shipping job management permissions to the RAM role.
Overview
Data shipping from Simple Log Service to MaxCompute requires the following permissions:
Data read and write permissions: the permissions to read data from Simple Log Service logstores and write data to MaxCompute tables.
Shipping job management permissions: the permissions to create, delete, modify, and view MaxCompute data shipping jobs.
Permissions to read and write data
Operation | Authorization method | Description |
Configure permissions to read data from a logstore | Grant Simple Log Service the permissions to assume the AliyunLogDefaultRole to read data from the source logstore. | |
Grant Simple Log Service the permissions to assume a custom RAM role to read data from the source logstore. | ||
Configure permissions to write data to MaxCompute | Grant a MaxCompute data shipping job the permissions to assume the AliyunLogDefaultRole to write data that is read from a Simple Log Service logstore to a MaxCompute table. | |
Grant a MaxCompute data shipping job the permissions to assume a custom RAM role to write data that is read from a Simple Log Service logstore to a MaxCompute table. |
Permissions to manage data shipping jobs
Before RAM users can manage data shipping jobs, the RAM users must be authorized to do so. For more information, see Grant a RAM user the permissions to ship data to MaxCompute.