Configuring Workspace Resource Permission Policies

Prerequisites

Only the DAYU Administrator, Tenant Administrator, data security administrator, and preset workspace administrator have the permission to create, edit, or delete workspace resource permission policies.

Constraints

• Resources of workspaces in simple mode can be managed, but those of workspaces in enterprise mode cannot.
• If no permission is assigned to a resource, permission control is disabled for the resource.
• Currently, only the DataArts Factory component supports workspace resource permission policies. Other components are not restricted by workspace resource permission policies. In the following scenarios of DataArts Factory, authentication is performed based on workspace resource permission policies:
  • Selecting a connection, job agency, or public agency during script or job development
  • Submitting a script or job
• Resource permission management is not supported for the data connections created in DataArts Factory in earlier versions.
• When a workspace resource is deleted, the corresponding workspace resource permission policy will not be automatically deleted.

Creating a Workspace Resource Permission Policy

1. On the DataArts Studio console, locate an instance and click Access. On the displayed page, locate a workspace and click DataArts Security.
   Figure 1 DataArts Security
   

2. In the left navigation pane, choose Workspace Resource Permissions.
   Figure 2 Workspace Resource Permissions
   

3. On the Workspace Resource Permissions page, click Create. In the slide-out panel, set the parameters listed in Table 1 and click Save.

   Table 1 Parameters for creating a workspace resource permission policy

   Parameter	Description
   *Policy Name	Enter the name of the workspace resource permission policy. To facilitate policy management, you are advised to include the resource object and authorization object in the name.
   Resource Object
   Data Connection	Select the data connections in the Management Center to be authorized. For details about how to create a data connection, see Creating a Data Connection. NOTE: Permission control is disabled for the data connections that are not selected. Unauthorized common users (except the DAYU Administrator, Tenant Administrator, data security administrator, and preset workspace administrator) cannot view or use the selected connections.
   Agency	Select the IAM agencies to be authorized. Only cloud service agencies whose agency object is DGC are supported. For details about how to create an agency, see Reference: Creating an Agency. NOTE: Permission control is disabled for the agencies that are not selected. Unauthorized common users (except the DAYU Administrator, Tenant Administrator, data security administrator, and preset workspace administrator) cannot view or use the selected agencies.
   Authorization Object
   user	Select the users to be authorized. The workspace users are available for selection.
   user group	Select the user groups to be authorized. The workspace user groups are available for selection.
   role	Select the roles to be authorized. The preset and custom roles are available for selection.

   Figure 3 Creating a workspace resource permission policy
   

Related Operations

• Editing policies: On the Workspace Resource Permissions page, locate a policy and click Edit in the Operation column to edit the policy.
• Deleting policies: On the Workspace Resource Permissions page, locate a policy and click Delete in the Operation column to delete the policy. To delete multiple policies at a time, select the policies and click Delete above the policy list.
  

  The deletion operation cannot be undone. Exercise caution when performing this operation.