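This topic describes the scenarios in which the DLA service-linked role (AliyunServiceRoleForOpenAnalytics) is used and how to delete the role.
Background information
The DLA service-linked role (AliyunServiceRoleForOpenAnalytics) is a RAM role provided so that DLA can obtain access permissions to other cloud services when it needs them to complete one of its own features. For more information, see Service-linked roles.
Scenarios
DLA is Alibaba Cloud's data lake analytics product and provides Serverless Presto and Spark as its core features. To implement its data lake features, it must connect, chain together, and associate a wide range of Alibaba Cloud data sources and cloud services (OSS, OTS, RDS, ADS, ODPS, ECS, VPC, RAM, MQ, and others) on the user's behalf. For this reason, when a user activates the DLA service, DLA automatically creates the service-linked role within DLA for the user, which greatly improves the user experience.
View the DLA service-linked role
- Log on to the Data Lake Analytics console.
- In the upper-right corner of the Overview page, click the options button.
- On the cross-service authorization page, view the information about the DLA service-linked role:
  - Role name: AliyunServiceRoleForOpenAnalytics
  - Role permission policy: AliyunServiceRolePolicyForOpenAnalytics
  - The permissions are as follows: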
```json
{
  "Version": "1",
  "Statement": [
    {
      "Action": "ram:DeleteServiceLinkedRole",
      "Resource": "*",
      "Effect": "Allow",
      "Condition": {
        "StringEquals": {
          "ram:ServiceName": "openanalytics.aliyuncs.com"
        }
      }
    },
    {
      "Action": [
        "ram:ListUsers",
        "ram:GenerateCredentialReport"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "oss:GetBucket",
        "oss:GetBucketAcl",
        "oss:GetBucketLocation",
        "oss:GetBucketInfo",
        "oss:GetBucketLogging",
        "oss:GetBucketWebsite",
        "oss:GetBucketReferer",
        "oss:GetBucketLifecycle",
        "oss:GetBucketEncryption",
        "oss:GetBucketStat",
        "oss:GetBucketMetadata",
        "oss:GetBucketTagging",
        "oss:GetBucketVersioning",
        "oss:GetSimplifiedObjectMeta",
        "oss:GetObjectMetadata",
        "oss:GetBucketStorageCapacity",
        "oss:GetBucketEncryption",
        "oss:GetObject",
        "oss:GetObjectMeta",
        "oss:GetObjectAcl",
        "oss:GetSymlink",
        "oss:GetObjectTagging",
        "oss:GetService",
        "oss:ListObjects",
        "oss:ListMultipartUploads",
        "oss:ListParts",
        "oss:ListBuckets",
        "oss:ListVpcip",
        "oss:ListVersions",
        "oss:GetBucketCname",
        "oss:GetBucketRequestPayment",
        "oss:GetBucketVpcip",
        "oss:DoesBucketExist",
        "oss:DoesObjectExist",
        "oss:ListObjectsV2",
        "oss:SelectObject",
        "oss:HeadObject",
        "oss:PutBucket",
        "oss:PutObject",
        "oss:PutObjectTagging",
        "oss:CopyObject",
        "oss:InitiateMultipartUpload",
        "oss:UploadPart",
        "oss:UploadPartCopy",
        "oss:CompleteMultipartUpload",
        "oss:AbortMultipartUpload",
        "oss:RestoreObject",
        "oss:PostObject",
        "oss:UploadFile",
        "oss:DownloadFile",
        "oss:AppendObject",
        "oss:DeleteObject",
        "oss:DeleteObjects"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "alikafka:PUB"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "rds:DescribeDBInstances",
        "rds:DescribeDBInstanceAttribute",
        "rds:DescribeDBInstanceNetInfo",
        "rds:DescribeDBInstanceHAConfig",
        "rds:DescribeDBInstanceIPArrayList",
        "rds:ModifySecurityIps",
        "dds:DescribeDBInstances",
        "dds:DescribeDBInstanceAttribute",
        "dds:DescribeSecurityIps",
        "dds:ModifySecurityIps",
        "polardb:DescribeDBClusters",
        "polardb:DescribeDBClusterAttribute",
        "polardb:DescribeDBClusterEndpoints",
        "polardb:DescribeDBClusterAccessWhitelist",
        "polardb:ModifyDBClusterAccessWhitelist"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "mns:GetQueueAttributes",
        "mns:GetTopicAttributes",
        "mns:GetSubscriptionAttributes",
        "mns:ListQueue",
        "mns:ListTopic",
        "mns:ListSubscriptionByTopic",
        "mns:SendMessage",
        "mns:PublishMessage"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "mq:PUB"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dbs:DescribeBackupPlanList",
        "dbs:DescribeFullBackupList",
        "dbs:DescribeIncrementBackupList",
        "dbs:DescribeRestoreTaskList",
        "dbs:DescribeBackupGatewayList"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ots:GetRow",
        "ots:BatchGetRow",
        "ots:GetRange",
        "ots:GetShardIterator",
        "ots:GetStreamRecord",
        "ots:ListStream",
        "ots:ListTable",
        "ots:ListSearchIndex",
        "ots:DescribeStream",
        "ots:DescribeTable",
        "ots:DescribeSearchIndex",
        "ots:ComputeSplitPointsBySize",
        "ots:CreateTable",
        "ots:UpdateTable",
        "ots:DeleteTable",
        "ots:PutRow",
        "ots:UpdateRow",
        "ots:DeleteRow",
        "ots:BatchWriteRow",
        "ots:CreateIndex",
        "ots:DropIndex",
        "ots:CreateSearchIndex",
        "ots:DeleteSearchIndex",
        "ots:Search"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "log:ListProject",
        "log:ListLogStores",
        "log:ListShipper",
        "log:GetCursorOrData",
        "log:BatchGetLog",
        "log:GetShipper",
        "log:GetShipperConfig",
        "log:BatchGetLog",
        "log:DeleteShipper",
        "log:CreateShipper"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "ecs:CreateNetworkInterfacePermission",
        "ecs:DeleteNetworkInterfacePermission",
        "ecs:CreateNetworkInterface",
        "ecs:DescribeNetworkInterfaces",
        "ecs:DescribeSecurityGroups"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "vpc:DescribeVSwitches",
        "vpc:DescribeVpcs"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
```
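Most statements in this policy allow their actions on `"Resource": "*"` with no condition. The following Python script is an added example, not part of the original documentation or Alibaba Cloud's own tooling; it lists, per service, the non-read actions granted that way so the role can be reviewed against least privilege. The function names, the `READ_PREFIXES` heuristic, and the embedded sample (a subset of the statements above) are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Verb prefixes treated as read-only. Assumption: a naming heuristic for
# triage, not an official Alibaba Cloud classification of these actions.
READ_PREFIXES = ("Get", "List", "Describe", "Head", "Does", "Select",
                 "Search", "BatchGet", "Download", "Compute")

# Constructed sample: a subset of statements copied from the policy above.
SAMPLE_POLICY = json.loads("""
{"Version": "1", "Statement": [
  {"Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow",
   "Condition": {"StringEquals": {"ram:ServiceName": "openanalytics.aliyuncs.com"}}},
  {"Action": ["ram:ListUsers", "ram:GenerateCredentialReport"],
   "Resource": "*", "Effect": "Allow"},
  {"Action": ["oss:GetObject", "oss:ListObjects", "oss:PutObject", "oss:DeleteObject"],
   "Resource": "*", "Effect": "Allow"},
  {"Action": ["rds:DescribeDBInstances", "rds:ModifySecurityIps",
              "polardb:ModifyDBClusterAccessWhitelist"],
   "Resource": "*", "Effect": "Allow"},
  {"Action": ["ots:GetRow", "ots:DeleteTable", "ots:Search"],
   "Resource": "*", "Effect": "Allow"},
  {"Action": ["mq:PUB"], "Resource": "*", "Effect": "Allow"}
]}
""")

def as_list(value):
    """RAM policies allow a single string or a list for Action/Resource."""
    return value if isinstance(value, list) else [value]

def is_read_only(action):
    """True when the verb after 'service:' starts with a read-only prefix."""
    return action.split(":", 1)[1].startswith(READ_PREFIXES)

def audit(policy):
    """Map service -> mutating actions allowed on Resource '*' with no Condition."""
    findings = defaultdict(set)
    for stmt in policy["Statement"]:
        scoped = "Condition" in stmt or "*" not in as_list(stmt.get("Resource", []))
        if stmt.get("Effect") != "Allow" or scoped:
            continue  # Deny, condition-scoped or resource-scoped: not reported
        for action in as_list(stmt["Action"]):
            if not is_read_only(action):
                findings[action.split(":", 1)[0]].add(action)
    return {svc: sorted(actions) for svc, actions in findings.items()}

if __name__ == "__main__":
    for service, actions in sorted(audit(SAMPLE_POLICY).items()):
        print(f"{service}: {', '.join(actions)}")
```

The conditioned `ram:DeleteServiceLinkedRole` statement is not reported because its `Condition` restricts it to `openanalytics.aliyuncs.com`; passing the full policy JSON to `audit()` gives the complete list.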
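Delete the service-linked role
To delete the service-linked role (AliyunServiceRoleForOpenAnalytics), perform the following operations:
- Disable the DLA service in the current region and in all other regions, because DLA determines the SLR association at the level of the user account.
- Delete the service-linked role. For details, see Delete a service-linked role.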