Updated on 2025-09-15 GMT+08:00

IAM Permissions

Elastic Resource Pool

Table 1 Elastic resource pool permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Creating an elastic resource pool | dli:elasticresourcepool:create |
| Querying all elastic resource pools | / |
| Deleting an elastic resource pool | dli:elasticresourcepool:drop |
| Modifying elastic resource pool information | dli:elasticresourcepool:update |
| Associating a queue with an elastic resource pool | dli:elasticresourcepool:resourceManagement |
| Querying all queues in an elastic resource pool | dli:elasticresourcepool:resourceManagement |
| Modifying the scaling policy of a queue associated with an elastic resource pool | dli:elasticresourcepool:resourceManagement |
| Viewing scaling history of an elastic resource pool | dli:elasticresourcepool:scale |

Queue

Table 2 Queue permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Creating a queue | dli:queue:createQueue |
| Querying all queues | / |
| Deleting a queue | dli:queue:dropQueue |
| Modifying the CIDR block of a queue (deprecated) | dli:queue:updateQueue |
| Querying queue details | / |
| Restarting, scaling out, and scaling in queues | dli:queue:scaleQueue |
| Creating an address connectivity test request | / |
| Querying connectivity test details of a specified address | / |
| Creating a scheduled CU change (deprecated) | dli:queue:scaleQueue |
| Viewing a scheduled CU change (deprecated) | dli:queue:scaleQueue |
| Batch deleting scheduled CU changes (deprecated) | dli:queue:scaleQueue |
| Modifying a scheduled CU change (deprecated) | dli:queue:scaleQueue |
| Deleting a scheduled CU change (deprecated) | dli:queue:scaleQueue |
| Adding queue properties | dli:queue:updateQueue |
| Querying queue properties | / |
| Updating queue properties | dli:queue:updateQueue |
| Deleting queue properties | dli:queue:updateQueue |
| Setting the queue scale-out range | dli:queue:scaleQueue |
| Buying a yearly/monthly elastic resource pool | dli:elasticresourcepool:create |
| Modifying the specifications of a yearly/monthly elastic resource pool | dli:elasticresourcepool:scale |

Enhanced Datasource Connection

Table 3 Enhanced datasource connection permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Creating an enhanced datasource connection | / |
| Querying the enhanced datasource connection list | / |
| Deleting an enhanced datasource connection | / |
| Querying an enhanced datasource connection | / |
| Modifying the host information of an enhanced datasource connection | / |
| Binding a queue | / |
| Unbinding a queue | / |
| Querying authorization of an enhanced datasource connection | / |
| Creating a route for an enhanced datasource connection (deprecated) | / |
| Deleting a route from an enhanced datasource connection (deprecated) | / |
| Creating a route for an enhanced datasource connection | / |
| Deleting a route from an enhanced datasource connection | / |

Package and Package Group

Table 4 Package and package group permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Uploading a package group (deprecated) | / |
| Querying the package group list (deprecated) | dli:resource:listResource |
| Uploading a JAR package group (deprecated) | / |
| Uploading a file package group (deprecated) | / |
| Uploading a PyFile package group (deprecated) | / |
| Querying resource packages in a group (deprecated) | dli:resource:getResource |
| Deleting a resource package from a group (deprecated) | dli:resource:deleteResource |
| Changing the owner of a group or resource package (deprecated) | dli:resource:updateResource |

Global Variable

Table 5 Global variable permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Creating a global variable | / |
| Querying global variables | / |
| Deleting a DLI global variable | dli:variable:delete |
| Modifying a DLI global variable | dli:variable:update |

Datasource Authentication

Table 6 Datasource authentication permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Creating datasource authentication (deprecated) | / |
| Querying the datasource authentication list (deprecated) | dli:datasourceauth:list |
| Updating datasource authentication (deprecated) | dli:datasourceauth:update |
| Deleting datasource authentication (deprecated) | dli:datasourceauth:delete |
| Creating datasource authentication | / |
| Querying the datasource authentication list | dli:datasourceauth:listAuth |
| Updating datasource authentication information | dli:datasourceauth:updateAuth |
| Deleting datasource authentication information | dli:datasourceauth:dropAuth |

SQL Job

Table 7 SQL job permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Submitting a SQL job | dli:queue:submitJob |
| Canceling a job | dli:queue:cancelJob |
| Querying all SQL jobs | / |
| Querying all SQL jobs (deprecated) | / |
| Previewing SQL job query results | / |
| Querying the job status | / |
| Querying job details | / |
| Checking SQL syntax | / |
| Querying the job execution progress | / |
| Importing table data (deprecated) | dli:table:insertInto |
| Exporting table data (deprecated) | dli:table:select |
| Exporting query results (deprecated) | / |
| Submitting a SQL job (deprecated) | dli:queue:submitJob |
| Canceling a job (deprecated) | dli:queue:cancelJob |
| Querying job execution results (deprecated) | / |
| Creating a data upload task (deprecated) | / |
| Authenticating a data upload (deprecated) | / |
| Committing final data (deprecated) | / |
| Creating a data download channel | / |
| Creating a SQL template | / |
| Viewing all SQL templates | / |
| Batch deleting SQL templates | / |
| Updating a SQL template | / |
| Querying all sample SQL templates | / |

Spark Job

Table 8 Spark job permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Creating a batch processing job | / |
| Querying the batch processing job list | / |
| Querying batch processing job details | / |
| Canceling a batch processing job | / |
| Querying the status of a batch processing job | / |
| Querying batch processing job logs (deprecated) | / |
| Creating a job template | / |
| Querying the job template list | / |
| Modifying a job template | / |
| Querying a job template | / |

Flink Job

Table 9 Flink job permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Creating a Flink SQL job | dli:jobs:create |
| Updating a Flink SQL job | dli:jobs:update |
| Creating a Flink Jar job | dli:jobs:create |
| Updating a Flink Jar job | dli:jobs:update |
| Batch running jobs | dli:jobs:start |
| Batch stopping jobs | dli:jobs:stop |
| Querying the job list | dli:jobs:listAll |
| Querying job details | dli:jobs:get |
| Deleting a job | dli:jobs:delete |
| Batch deleting jobs | dli:jobs:delete |
| Exporting a Flink job | dli:jobs:export |
| Importing a Flink job | dli:jobs:create |
| Generating a static stream graph for a Flink SQL job | dli:jobs:get |
| Querying the job execution plan | dli:jobs:get |
| Importing a savepoint | dli:jobs:update |
| Creating a savepoint | dli:jobs:update |
| Checking job existence (protected) | / |
| Checking Flink SQL syntax (protected) | / |
| Querying jobmanager logs of a running job (protected) | / |
| Querying taskmanager logs of a running job (protected) | / |
| Querying job commit logs (protected) | / |
| Creating a template | / |
| Querying the template list | / |
| Deleting a template | / |
| Updating a template | / |
| Checking Flink template existence (protected) | / |
| Querying the sample Flink system template list (protected) | / |

Permission Management

Table 10 Permission set for DLI permission management

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Granting data access control to users or projects | / |
| Checking the permissions granted to a user | / |
| Granting queue permissions to a user (deprecated) | / |
| Querying queue users (deprecated) | / |
| Granting data permissions to users (deprecated) | / |
| Querying database users (deprecated) | / |
| Querying table users (deprecated) | / |
| Querying user permissions on a table (deprecated) | / |
| Querying the list of cross-project permissions on a database (protected) | / |
| Querying specific project permissions on a database (protected) | / |
| Querying the list of cross-project permissions on a table (protected) | / |
| Querying specific project permissions on a table (protected) | / |
| Querying cross-project permissions on a column (protected) | / |
| Changing a database name (protected) | dli:database:updateDatabase |

Quota

Table 11 Quota permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Querying a user's quota list | / |

Data Catalog

Table 12 Data catalog permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Querying information about all catalogs in a project | dli:catalog:list |
| Binding or unbinding a catalog mapping | dli:catalog:bind |
| Describing a catalog | dli:catalog:get |

Database

Table 13 Database permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Querying all databases (deprecated) | dli:database:list |
| Creating a database (deprecated) | dli:database:create |
| Changing a database owner (deprecated) | dli:database:update |
| Deleting a database (deprecated) | dli:database:dropDatabase |

Table

Table 14 Data table permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Querying all tables (deprecated) | dli:database:displayAllTables |
| Creating a table (deprecated) | dli:database:createTable |
| Changing a table owner (deprecated) | dli:table:update |
| Describing a table (deprecated) | dli:table:describe |
| Deleting a table (deprecated) | dli:table:delete |
| Previewing a table (deprecated) | dli:table:select |
| Querying the partition list (deprecated) | dli:table:showPartitions |

SQL Inspection Rule

Table 15 SQL inspection rule permission set

| Operation | Permission (service:resource:action) (Role/Policy-based Authorization) |
| --- | --- |
| Creating a SQL inspection rule | dli:sqldefendrule:create |
| Modifying a SQL inspection rule | dli:sqldefendrule:update |
| Deleting a SQL inspection rule | dli:sqldefendrule:delete |
| Querying a SQL inspection rule | dli:sqldefendrule:get |
| Querying the SQL inspection rule list | dli:sqldefendrule:list |