- What's New
- Function Overview
- Service Overview
- Getting Started
- User Guide
- Best Practices
- Developer Guide
-
API Reference
- Before You Start
- API Overview
- API Calling
-
API
-
Console
- Instance Management
- Job Management
-
Service Authorization Management
- Granting Permissions for Accessing Other Cloud Services
- Querying Cloud Service Access Permissions
- Registering a Tenant Agreement
- Querying whether a Tenant Has Registered an Agreement
- Deleting a Tenant Agreement
- Registering a Tenant Agreement
- Querying whether a Tenant Has Registered an Agreement
- Deleting a Tenant Agreement
- Querying the Current System Agreement
- OBS Management
- Access Management
- Specification Management
- Quota Management Service
- Tag Management Service
- Agency Management
- Alarm Management
- Metadata Management
- Location
-
LakeCat
- Function Management
- Catalog Management
- Database Management
- Table Management
- Data Table Statistics
- Zone-based Management
- Partition Statistics
- Authorization Management
- User Group Management
- Metadata Statistics
-
Role Management
- Creating a Role
- Listing Roles on Different Pages by Condition
- Deleting a Role
- Obtaining a Role
- Modifying a Role
- Listing All Role Names
- Querying the Users or User groups Under a Role
- Adding One or More Users or User Groups to a Role
- Removing One or More Users or User Groups from a Role
- Updating the Entities in a Role
- Credential Management
- Configuration Management
- User
-
Console
- Application Examples
- Permissions and Supported Actions
- Appendix
- FAQs
- General Reference
Copied.
Managing Roles
If a role has some permissions on resources (such as databases), users or user groups with this role also have the corresponding resource operation permissions.
If the service interconnected with the LakeFormation instance requires role authorization, the agency for interconnecting with LakeFormation must contain the permissions of the role.
For example, if the query permission of a role is required after LakeFormation is interconnected with an MRS cluster, select lakeformation:role:describe when creating a LakeFormation agency.
Creating a Role and Binding a User with It
- Log in to the LakeFormation console.
- In the upper left corner, click
and choose Analytics > LakeFormation to access the LakeFormation console.
- Select the target LakeFormation instance from the drop-down list box on the left and choose Data Permission > Role.
- Click Create, set Role Name and Description, and click OK.
- On the Roles page, click Add IAM User or Add Agency in the Operation column, select the target role and user, and click OK.
NOTE:
- You can also choose Data Permissions > Users in the navigation pane, locate the row that contains the user to be bound with the role, click Add in the Operation column, select the target role, and click OK.
- After the role is authorized, the users bound with the role have its permissions.
- For details about how to grant permissions to a created role, see Granting permissions.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot