CreatePermissionApplyOrder -

Creates a permission request order.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters


Parameter	Type	Required	Example	Description
Action	String	Yes	CreatePermissionApplyOrder	The operation that you want to perform. Set the value to CreatePermissionApplyOrder.
RegionId	String	Yes	cn-shanghai	The region ID. For example, the ID of the China (Shanghai) region is cn-shanghai, and that of the China (Zhangjiakou) region is cn-zhangjiakou. The system determines the value of this parameter based on the endpoint that is used to call the operation.
ApplyUserIds	String	Yes	2678426004089**,26784260040899**	The ID of the Alibaba Cloud account for which you want to request permissions. If you want to request permissions for multiple Alibaba Cloud accounts, separate the IDs of the accounts with commas (,).
Deadline	Long	No	1617115071885	The expiration time of the permissions that you request. This value is a UNIX timestamp. If you do not specify a value for this parameter, January 1, 2065 is used as the expiration time. If LabelSecurity is disabled for the MaxCompute project in which you want to request permissions on the fields of a table, or the security level of the fields is 0 or is lower than or equal to the security level of the Alibaba Cloud account for which you want to request permissions, you can request only permanent permissions. You can go to the Workspace Management page of the DataWorks console, click MaxCompute Management in the left-side navigation pane, and then check whether column-level access control is enabled. You can go to your DataWorks workspace, view the security level of the fields in DataMap, and then view the security level of the Alibaba Cloud account on the User Management page.
ApplyReason	String	Yes	I need to use this table	The reason for your request. The administrator determines whether to approve the request based on the reason.
MaxComputeProjectName	String	Yes	aMaxcomputeProjectName	The name of the MaxCompute project in which you request permissions on the fields of a table.
WorkspaceId	Integer	Yes	12345	The ID of the DataWorks workspace that is associated with the MaxCompute project in which you want to request permissions on the fields of a table. You can go to the Workspace Management page in the DataWorks console to view the workspace ID.
OrderType	Integer	No	1	The type of the permission request order. The parameter value is 1 and cannot be changed. This value indicates ACL-based authorization.
EngineType	String	No	odps	The type of the compute engine instance in which you want to request permissions on the fields of a table. The parameter value is odps and cannot be changed. This value indicates that you can request permissions only on fields of tables in MaxCompute compute engine instances.
ApplyObject.N.Actions	String	Yes	Select,Describe	The permission that you want to request. If you want to request multiple permissions at the same time, separate them with commas (,). You can request only the following permissions: Select, Describe, Drop, Alter, Update, and Download.
ApplyObject.N.ColumnMetaList.N.Name	String	Yes	aColumnName	The name of the field on which you want to request permissions. If you want to request permissions on an entire table, enter the names of all fields in the table. You can request permissions on specific fields of a table in a MaxCompute project only after LabelSecurity is enabled for this project. If LabelSecurity is disabled, you can request permissions only on an entire table.
ApplyObject.N.Name	String	Yes	aTableName	The name of the object on which you want to request permissions. You can request permissions only on MaxCompute tables. Set this parameter to the name of the table on which you want to request permissions.

Response parameters


Parameter	Type	Example	Description
RequestId	String	0bc1ec92159376****	The ID of the request.
FlowId	Array of String	ee276e6e-5d34-46d8-b848-bca7879ed233	The ID of the request order. If you request permissions on multiple objects but each object has a different request approver, one request order is generated for each object and is sent to the related approver. In this case, an array is returned.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreatePermissionApplyOrder
&ApplyUserIds=267842600408993176,267842600408993177
&Deadline=1617115071885
&ApplyReason=I need to use this table
&MaxComputeProjectName=aMaxcomputeProjectName
&WorkspaceId=12345
&OrderType=1
&EngineType=odps
&ApplyObject=[{"Actions":"Select,Describe","ColumnMetaList":[{"Name":"aColumnName"}],"Name":"aTableName"}]
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreatePermissionApplyOrderResponse>
    <RequestId>0bc1ec92159376****</RequestId>
    <FlowId>ee276e6e-5d34-46d8-b848-bca7879ed233</FlowId>
</CreatePermissionApplyOrderResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "0bc1ec92159376****",
  "FlowId" : "ee276e6e-5d34-46d8-b848-bca7879ed233"
}

Error codes

For a list of error codes, visit the API Error Center.