Help Center/ DataArts Studio/ FAQs/ DataArts Security/ Why Does the System Display a Message Indicating Insufficient Permissions During Permission Synchronization to DLI?
Updated on 2025-06-05 GMT+08:00
View PDF
Share

Why Does the System Display a Message Indicating Insufficient Permissions During Permission Synchronization to DLI?

The tasks of synchronizing permissions to DLI are completed through the cloud service agency (dlg_agency). The agency must have the permissions listed in Table 1.

Table 1 Required permissions

Permission

Purpose

Mandatory

Authorization Item/System Permission (Configure Either of Them)

IAM permission

This permission is required for the system to obtain users or user groups, or create roles.

For example, user or permission synchronization fails if this permission is missing.

Mandatory for MRS, GaussDB(DWS), and DLI permission management
  • iam:users:listUsers
  • iam:groups:listGroups
  • iam:users:listUsersForGroup
  • iam:roles:createRole
  • iam:roles:deleteRole
  • iam:roles:updateRole
  • iam:permissions:grantRoleToGroup
  • iam:permissions:listRoleAssignments
  • iam:permissions:revokeRoleFromGroup
NOTE:

Due to the restrictions of permission policies in IAM, no action is available for obtaining DLI user groups. To manage the permissions of DLI user groups, you must grant the Security Administrator system permissions.

Security Administrator

Permission for synchronizing permissions to DLI

This permission is required for DLI permission synchronization and sensitive data discovery.

For example, if this permission is missing, DLI permission synchronization fails and the system displays a message indicating insufficient permissions.

Mandatory for DLI permission management

Actions are not supported. System permissions DLI FullAccess and DLI Service Administrator are required.

DLI FullAccess

DLI Service Administrator

If this message is displayed, perform the following operations to grant permissions (system permissions in this example) to dlg_agency:

  1. Log in to the IAM console.
  2. In the navigation pane, choose Agencies.
  3. Search for dlg_agency and click Authorize in the Operation column.
    Figure 1 Granting permissions to dlg_agency
  4. On the displayed page, search for and select Security Administrator and DLI FullAccess, and click Next.
    Figure 2 Selecting Security Administrator
  5. Click OK. Wait for 15 to 30 minutes. The permissions will be synchronized to DLI.
Parent topic: DataArts Security