Help Center/ Data Lake Insight/ User Guide/ Creating a Data Directory, Database, and Table/ Managing Data Catalogs on the DLI Console/ Configuring Data Catalog Permissions on the DLI Console
Updated on 2025-08-15 GMT+08:00
View PDF
Share

Configuring Data Catalog Permissions on the DLI Console

Scenario

  • DLI data catalogs support authorization on the DLI console or authentication through IAM. By setting permissions, you can grant varying data catalog permissions to different users.
  • Administrators and data catalog owners (users who create data catalogs on DLI) have all data catalog permissions by default. You do not need to set permissions for them, and other users cannot modify their data catalog permissions.
  • When setting data catalog permissions for a new user, ensure that the region of the user group the user belongs to has the Tenant Guest permission.

    For details about the Tenant Guest permission and how to apply for the permission, see System Permissions and Creating a User Group in Identity and Access Management User Guide.

Precautions

  • Data catalog permissions are non-inherited permissions, meaning they apply only to the current data catalog. Databases and tables within the data catalog cannot inherit any permissions from it.
  • Data catalog owners or users with the Assign catalog access to specified users permission can grant permissions to data catalogs.
  • If you create a data catalog with the same name after deleting an existing one, the permissions will not be inherited and must be regranted to users.

Data Catalog Permissions

You can also use IAM to grant data catalog permissions to specified users. For details about data catalog permissions, see Table 1.

Table 1 Data catalog permissions

Operation

Permission Set (service:resource:action)

Authorization on the DLI Console

API-based Authorization

IAM-based Authorization

Unbinding a data catalog

dli:catalog:unbind

Supported

Supported

Supported

Querying data catalog binding details

dli:catalog:get

Supported

Supported

Supported

Granting permissions

dli: catalog: grantPrivilege

Supported

Supported

Supported

Revoking permissions

dli: catalog: revokePrivilege

Supported

Supported

Supported

Viewing permissions of other users

dli: catalog: showPrivileges

Supported

Supported

Supported

Binding a data catalog

dli:catalog:bind

Not supported

Supported

Supported

Querying the data catalog binding list

dli:catalog:list

Not supported

Supported

Supported

Granting Data Catalog Permissions to a New User on the DLI Management Console

Grant permissions to a new user or project that previously did not have permissions on this data catalog.
  1. In the navigation pane on the left of the management console, choose SQL Editor.
  2. On the displayed Catalog tab, locate the data catalog you want to view, click , and select Permissions.
  3. On the displayed page, click Grant Permission in the upper right corner. In the dialog box that appears, enter the username you want to grant permissions to and select required permissions. For details about the permissions, see Table 2.
    Figure 1 Granting permissions on a data catalog to a user
    Table 2 Parameter descriptions

    Parameter

    Description

    Username
    Name of an IAM user you wish to grant permissions to.
    NOTE:

    The username must be an existing IAM username and has been used to log in to the DLI management console.

    Permission

    Selecting a permission grants it to a user, while deselecting a permission revokes it from the user.

    Data catalog permissions are non-inherited permissions, meaning they apply only to the current data catalog. Databases and tables within the data catalog cannot inherit any permissions from it.
    • Unbind catalogs: permission to unbind the data catalog from DLI.
    • Query the details of bound catalogs: permission to view data catalog binding information. This permission is required if you need to use the data catalog when submitting jobs.
    • Assign catalog access to specified users: permission to grant permissions on a data catalog to specified users.
    • Revoke catalog access from specified users: permission to revoke permissions on a data catalog from specified users.
    • View catalog access rights for other users: permission to view the permissions of other users in the current data catalog.
  4. Click OK.

Modifying Permissions on a Data Catalog

If a user has certain permissions on a data catalog, you can modify or revoke those permissions for the user.

If the options in Set Permission are gray, the corresponding account does not have the permission to modify the data catalog. You can request the Assign catalog access to specified users and Revoke catalog access from specified users permissions from administrators, data catalog owners, or other authorized users with permission-granting permissions.

  1. On the User Permissions page, locate the user you wish to set permissions for.
    • If the user is an IAM user, you can set permissions for it.
    • If the user is already an administrator, you can only view the permissions information.
  2. In the Operation column of the IAM user or project, click Set Permission. The Set Permission dialog box appears.

    For details about data catalog permissions, see Table 2.

  3. Select or deselect the permissions and click OK.
Parent Topic: Managing Data Catalogs on the DLI Console