Help Center/ Data Lake Insight/ API Reference/ Permissions and Supported Actions/ Actions Supported by Role/Policy-based Authorization
Updated on 2026-01-08 GMT+08:00
Online Debugging
CLI Examples
View PDF
Share

Actions Supported by Role/Policy-based Authorization

This section describes the actions supported by DLI in role/policy-based authorization.

Supported Actions

DLI provides system-defined policies that can be directly used in IAM. You can also create custom policies to supplement system-defined policies for more refined access control. The following are related concepts:

  • Permissions: allow or deny operations on specified resources under specific conditions.
  • APIs: REST APIs that can be called by a user who has been granted specific permissions
  • Actions: specific operations that are allowed or denied in a custom policy.
  • Dependencies: actions on which a specific action depends. When allowing an action for a user, you also need to allow any existing action dependencies for that user.
  • IAM projects/Enterprise projects: the authorization scope of a custom policy. A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.

    For details about the differences between IAM and enterprise projects, see Differences Between IAM and Enterprise Management.

The check mark (√) and cross symbol (x) respectively indicate that a permission can be or cannot be granted for the corresponding type of projects.

DLI supports the following actions that can be defined in custom policies:

Table 1 Actions supported by DLI

Permission

API

Action

IAM Project

Enterprise Project

Creating a queue

POST /v1.0/{project_id}/queues

dli:queue:createQueue

Deleting a queue

DELETE /v1.0/{project_id}/queues/{queue_name}

dli:queue:dropQueue

Submitting a job

POST /v1.0/{project_id}/jobs/submit-job

dli:queue:submitJob

×

Canceling a job

DELETE /v1.0/{project_id}/jobs/{job_id}

dli:queue:cancelJob

×

Viewing queue permissions of other users

GET /v1.0/{project_id}/queues/{queue_name}/users

dli:queue:showPrivileges

×

Restarting a queue

PUT /v1.0/{project_id}/queues/{queue_name}/action

dli:queue:restart

×

Scaling out/in a queue

PUT /v1.0/{project_id}/queues/{queue_name}/action

dli:queue:scaleQueue

×

Granting elastic resource pool permissions

PUT /v1.0/{project_id}/user-authorization

dli:elasticresourcepool:grantPrivilege

×

Revoking elastic resource pool permissions

PUT /v1.0/{project_id}/user-authorization

dli:elasticresourcepool:revokePrivilege

×

Creating a database

POST /v1.0/{project_id}/databases

dli:database:createDatabase

×

Deleting a database

DELETE /v1.0/{project_id}/databases/{database_name}

dli:database:dropDatabase

×

Modifying database configuration

POST /v1.0/{project_id}/jobs/submit-job

dli:database:alterDatabaseProperties

×

Explaining the SQL statement as an execution plan

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:database:explain

×

Creating a table

POST /v1.0/{project_id}/databases/{database_name}/tables

dli:database:createTable

×

Creating a view

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:database:createView

×

Creating a function

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:database:createFunction

×

Describing a function

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:database:describeFunction

×

Deleting a function

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:database:dropFunction

×

Displaying a function

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:database:showFunctions

×

Creating a role

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:database:createRole

×

Deleting a role

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:database:dropRole

×

Displaying a role

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:database:showRoles

×

Displaying all roles

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:database:showAllRoles

×

Binding a role

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:database:grantRole

×

Unbinding a role

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:database:revokeRole

×

Displaying the binding relationships between all roles and users

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:database:showUsers

×

Viewing database permissions of other users

GET /v1.0/{project_id}/databases/{database_name}/users

dli:database:showPrivileges

×

Displaying a database

GET /v1.0/{project_id}/databases

dli:database:displayDatabase

×

Displaying all databases

GET /v1.0/{project_id}/databases

dli:database:displayAllDatabases

×

Displaying all tables

GET /v1.0/{project_id}/databases

dli:database:displayAllTables

×

Granting database permissions to a specified user

PUT /v1.0/{project_id}/user-authorization

dli:database:grantPrivilege

×

Removing database permissions of a specified user

PUT /v1.0/{project_id}/user-authorization

dli:database:revokePrivilege

×

Deleting a table

DELETE /v1.0/{project_id}/databases/{database_name}/tables/{table_name}

dli:table:dropTable

×

Displaying the table structure

POST /v1.0/{project_id}/jobs/submit-job, executing corresponding SQL statements

dli:table:describeTable

×

Querying a table

GET /v1.0/{project_id}/databases/{database_name}/tables/{table_name}/preview

dli:table:select

×

Displaying table configuration

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:table:showTableProperties

×

Displaying the table creation statement

GET /v1.0/{project_id}/databases/{database_name}/tables/{table_name}/preview

dli:table:showCreateTable

×

Displaying all partitions

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:table:showPartitions

×

Setting table configuration

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:table:alterTableSetProperties

×

Adding a column

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:table:alterTableAddColumns

×

Adding partitions to a partitioned table

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:table:alterTableAddPartition

×

Renaming a table partition

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:table:alterTableRenamePartition

×

Deleting partitions from a partitioned table

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:table:alterTableDropPartition

×

Restoring a table partition

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:table:alterTableRecoverPartition

×

Renaming a table

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:table:alterTableRename

×

Setting the partition path

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:table:alterTableSetLocation

×

Inserting table data

POST /v1.0/{project_id}/jobs/submit-job, statement calling

dli:table:insertIntoTable

×

Overwriting table data

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:table:insertOverwriteTable

×

Viewing table permissions of other users

GET /v1.0/{project_id}/databases/{database_name}/tables/{table_name}/users

dli:table:showPrivileges

×

Clearing a table

POST /v1.0/{project_id}/jobs/submit-job

dli:table:truncateTable

×

Updating a table

POST /v1.0/{project_id}/jobs/submit-job

dli:table:update

×

Deleting table data

POST /v1.0/{project_id}/jobs/submit-job

dli:table:delete

×

Modifying column information

POST /v1.0/{project_id}/jobs/submit-job

dli:table:alterTableChangeColumn

×

Deleting a column

POST /v1.0/{project_id}/jobs/submit-job

dli:table:alterTableDropColumns

×

Displaying data segments

POST /v1.0/{project_id}/jobs/submit-job

dli:table:showSegments

×

Merging data segments

POST /v1.0/{project_id}/jobs/submit-job

dli:table:compaction

×

Modifying a view

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:table:alterView

×

Displaying the table structure

POST /v1.0/{project_id}/jobs/submit-job

dli:table:describeTable

×

Granting data table permissions to a specified user

PUT /v1.0/{project_id}/user-authorization

dli:table:grantPrivilege

×

Removing data table permissions of a specified user

PUT /v1.0/{project_id}/user-authorization

dli:table:revokePrivilege

×

Batch adding resource tags

POST /v3/{project_id}/{resource_type}/{resource_id}/tags/create

dli::tagResource

Batch deleting resource tags

POST /v3/{project_id}/{resource_type}/{resource_id}/tags/delete

dli::unTagResource

Querying the number of resource instances

POST /v3/{project_id}/{resource_type}/resource-instances/count

dli::listResourcesByTag

×

Listing resource instances

POST /v3/{project_id}/{resource_type}/resource-instances/filter

dli::listResourcesByTag

×

Querying tags of a specified resource type

GET /v3/{project_id}/{resource_type}/tags

dli::listTags

×

Querying tags of a specified resource instance

GET /v3/{project_id}/{resource_type}/{resource_id}/tags

dli::listTagsForResource

Viewing the security authentication information permission list of other users

GET /v1.0/{project_id}/datasource/auth-infos/{auth_name}/users

dli:datasourceauth:showPrivileges

×

Using security authentication information

POST /v1.0/{project_id}/jobs/submit-job

dli:datasourceauth:useAuth

×

Deleting security authentication information

DELETE /v2.0/{project_id}/datasource/auth-infos/{auth_info_name}

dli:datasourceauth:dropAuth

×

Updating security authentication information

PUT /v2.0/{project_id}/datasource/auth-infos

dli:datasourceauth:updateAuth

×

Granting security authentication permissions to a specified user

PUT /v1.0/{project_id}/user-authorization

dli:datasourceauth:grantPrivilege

×

Removing security authentication permissions of a specified user

PUT /v1.0/{project_id}/user-authorization

dli:datasourceauth:revokePrivilege

×

Removing job permissions of a specified user

PUT /v1.0/{{project_id}}/authorization

dli:jobs:revokePrivilege

×

Querying a column

POST /v1.0/{project_id}/jobs/submit-job, SQL statement calling

dli:column:select

×

Granting permissions to a specified user queue

PUT /v1.0/{project_id}/user-authorization

dli:column:grantPrivilege

×

Removing permissions of a specified user queue

PUT /v1.0/{project_id}/user-authorization

dli:column:revokePrivilege

×

Listing Flink jobs

GET /v1.0/{project_id}/streaming/jobs

dli:jobs:listAll

×

Querying Flink job details

GET /v1.0/{project_id}/streaming/jobs/{job_id}

dli:jobs:get

×

Creating a Flink SQL job

POST /v1.0/{project_id}/streaming/sql-jobs

dli:jobs:create

×

Creating a Flink Jar job

POST /v1.0/{project_id}/streaming/flink-jobs

dli:jobs:create

×

Updating a Flink SQL job

PUT /v1.0/{project_id}/streaming/sql-jobs/{job_id}

dli:jobs:update

×

Updating a Flink Jar job

PUT /v1.0/{project_id}/streaming/flink-jobs/{job_id}

dli:jobs:update

×

Deleting a Flink job

DELETE /v1.0/{project_id}/streaming/jobs/{job_id}

dli:jobs:delete

×

Running Flink jobs in batches

POST /v1.0/{project_id}/streaming/jobs/run

dli:jobs:start

×

Stopping a Flink job

POST /v1.0/{project_id}/streaming/jobs/{job_id}/stop

dli:jobs:stop

×