Help Center/ Data Lake Insight/ User Guide/ DLI Permission Management/ IAM Permission Management/ IAM Permissions
Updated on 2025-09-30 GMT+08:00
View PDF

IAM Permissions

Elastic Resource Pool

Table 1 Elastic resource pool permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Creating an elastic resource pool

dli:elasticresourcepool:create

Querying all elastic resource pools

/

Deleting an elastic resource pool

dli:elasticresourcepool:drop

Modifying elastic resource pool information

dli:elasticresourcepool:update

Associating a queue with an elastic resource pool

dli:elasticresourcepool:resourceManagement

Querying all queues in an elastic resource pool

dli:elasticresourcepool:resourceManagement

Modifying the scaling policy of a queue associated with an elastic resource pool

dli:elasticresourcepool:resourceManagement

Viewing scaling history of an elastic resource pool

dli:elasticresourcepool:scale

Queue

Table 2 Queue permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Creating a queue

dli:queue:createQueue

Querying all queues

/

Deleting a queue

dli:queue:dropQueue

Modifying the CIDR block of a queue (deprecated)

dli:queue:updateQueue

Querying queue details

/

Restarting, scaling out, and scaling in queues

dli:queue:scaleQueue

Creating an address connectivity test request

/

Querying connectivity test details of a specified address

/

Creating a scheduled CU change (deprecated)

dli:queue:scaleQueue

Viewing a scheduled CU change (deprecated)

dli:queue:scaleQueue

Batch deleting scheduled CU changes (deprecated)

dli:queue:scaleQueue

Modifying a scheduled CU change (deprecated)

dli:queue:scaleQueue

Deleting a scheduled CU change (deprecated)

dli:queue:scaleQueue

Adding queue properties

dli:queue:updateQueue

Querying queue properties

/

Updating queue properties

dli:queue:updateQueue

Deleting queue properties

dli:queue:updateQueue

Setting the queue scale-out range

dli:queue:scaleQueue

Enhanced Datasource Connection

Table 3 Enhanced datasource connection permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Creating an enhanced datasource connection

/

Querying the enhanced datasource connection list

/

Deleting an enhanced datasource connection

/

Querying an enhanced datasource connection

/

Modifying the host information of an enhanced datasource connection

/

Binding a queue

/

Unbinding a queue

/

Querying authorization of an enhanced datasource connection

/

Creating a route for an enhanced datasource connection (deprecated)

/

Deleting a route from an enhanced datasource connection (deprecated)

/

Creating a route for an enhanced datasource connection

/

Deleting a route from an enhanced datasource connection

/

Package and Package Group

Table 4 Package and package group permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Uploading a package group (deprecated)

/

Querying the package group list (deprecated)

dli:resource:listResource

Uploading a JAR package group (deprecated)

/

Uploading a file package group (deprecated)

/

Uploading a PyFile package group (deprecated)

/

Querying resource packages in a group (deprecated)

dli:resource:getResource

Deleting a resource package from a group (deprecated)

dli:resource:deleteResource

Changing the owner of a group or resource package (deprecated)

dli:resource:updateResource

Global Variable

Table 5 Global variable permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Creating a global variable

/

Querying global variables

/

Deleting a DLI global variable

dli:variable:delete

Modifying a DLI global variable

dli:variable:update

Datasource Authentication

Table 6 Datasource authentication permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Creating datasource authentication (deprecated)

/

Querying the datasource authentication list (deprecated)

dli:datasourceauth:list

Updating datasource authentication (deprecated)

dli:datasourceauth:update

Deleting datasource authentication (deprecated)

dli:datasourceauth:delete

Creating datasource authentication

/

Querying the datasource authentication list

dli:datasourceauth:listAuth

Updating datasource authentication information

dli:datasourceauth:updateAuth

Deleting datasource authentication information

dli:datasourceauth:dropAuth

SQL Job

Table 7 SQL job permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Submitting a SQL job

dli:queue:submitJob

Canceling a job

dli:queue:cancelJob

Querying all SQL jobs

/

Querying all SQL jobs (deprecated)

/

Previewing SQL job query results

/

Querying the job status

/

Querying job details

/

Checking SQL syntax

/

Querying the job execution progress

/

Importing table data (deprecated)

dli:table:insertInto

Exporting table data (deprecated)

dli:table:select

Exporting query results (deprecated)

/

Submitting a SQL job (deprecated)

dli:queue:submitJob

Canceling a job (deprecated)

dli:queue:cancelJob

Querying job execution results (deprecated)

/

Creating a data upload task (deprecated)

/

Authenticating a data upload (deprecated)

/

Committing final data (deprecated)

/

Creating a data download channel

/

Creating a SQL template

/

Viewing all SQL templates

/

Batch deleting SQL templates

/

Updating a SQL template

/

Querying all sample SQL templates

/

Spark Job

Table 8 Spark job permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Creating a batch processing job

/

Querying the batch processing job list

/

Querying batch processing job details

/

Canceling a batch processing job

/

Querying the status of a batch processing job

/

Querying batch processing job logs (deprecated)

/

Creating a job template

/

Querying the job template list

/

Modifying a job template

/

Querying a job template

/

Flink Job

Table 9 Flink job permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Creating a Flink SQL job

dli:jobs:create

Updating a Flink SQL job

dli:jobs:update

Creating a Flink Jar job

dli:jobs:create

Updating a Flink Jar job

dli:jobs:update

Batch running jobs

dli:jobs:start

Batch stopping jobs

dli:jobs:stop

Querying the job list

dli:jobs:listAll

Querying job details

dli:jobs:get

Deleting a job

dli:jobs:delete

Batch deleting jobs

dli:jobs:delete

Exporting a Flink job

dli:jobs:export

Importing a Flink job

dli:jobs:create

Generating a static stream graph for a Flink SQL job

dli:jobs:get

Querying the job execution plan

dli:jobs:get

Importing a savepoint

dli:jobs:update

Creating a savepoint

dli:jobs:update

Checking job existence (protected)

/

Checking Flink SQL syntax (protected)

/

Querying jobmanager logs of a running job (protected)

/

Querying taskmanager logs of a running job (protected)

/

Querying job commit logs (protected)

/

Creating a template

/

Querying the template list

/

Deleting a template

/

Updating a template

/

Checking Flink template existence (Protected)

/

Querying the sample Flink system template list (protected)

/

Permission Management

Table 10 Permission set for DLI permission management

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Granting data access control to users or projects

/

Checking the permissions granted to a user

/

Granting queue permissions to a user (deprecated)

/

Querying queue users (deprecated)

/

Granting data permissions to users (deprecated)

/

Querying database users (deprecated)

/

Querying table users (deprecated)

/

Querying user permissions on a table (deprecated)

/

Querying the list of cross-project permissions on a database (protected)

/

Querying specific project permissions on a database (protected)

/

Querying the list of cross-project permissions on a table (protected)

/

Querying specific project permissions on a table (protected)

/

Querying cross-project permissions on a column (protected)

/

Changing a database name (protected)

dli:database:updateDatabase

Quota

Table 11 Quota permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Querying a user's quota list

/

Data Catalog

Table 12 Data catalog permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Querying information about all catalogs in a project

dli:catalog:list

Binding or unbinding a catalog mapping

dli:catalog:bind

Describing a catalog

dli:catalog:get

Database

Table 13 Database permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Querying all databases (deprecated)

dli:database:list

Creating a database (deprecated)

dli:database:create

Changing a database owner (deprecated)

dli:database:update

Deleting a database (deprecated)

dli:database:dropDatabase

Table

Table 14 Data table permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Querying all tables (deprecated)

dli:database:displayAllTables

Creating a table (deprecated)

dli:database:createTable

Changing a table owner (deprecated)

dli:table:update

Describing a table (deprecated)

dli:table:describe

Deleting a table (deprecated)

dli:table:delete

Previewing a table (deprecated)

dli:table:select

Querying the partition list (deprecated)

dli:table:showPartitions

SQL Inspection Rule

Table 15 SQL inspection rule permission set

Operation

Permission (service:resource:action)

(Role/Policy-based Authorization)

Creating a SQL inspection rule

dli:sqldefendrule:create

Modifying a SQL inspection rule

dli:sqldefendrule:update

Deleting a SQL inspection rule

dli:sqldefendrule:delete

Querying a SQL inspection rule

dli:sqldefendrule:get

Querying the SQL inspection rule list

dli:sqldefendrule:list