Help Center/ DataArts Studio/ FAQs/ Consultation and Billing/ How Do I Create a Fine-Grained Permission Policy in IAM?
Updated on 2024-11-05 GMT+08:00

How Do I Create a Fine-Grained Permission Policy in IAM?

Currently, DataArts Studio does not support the creation of fine-grained permission policies in IAM. You are advised to use DAYU policies and workspace roles to control permissions. .

DataArts Studio assigns permissions through DAYU system roles and workspace roles. To ensure that the IAM user permissions are normal, the user group to which the IAM user belongs must be assigned the DAYU User or DAYU Administrator role on the IAM console. In addition, ensure that the IAM user with the DAYU User role has been assigned the corresponding role in the DataArts Studio workspace.

A workspace role determines the permissions of a user in the workspace. Currently, four preset roles are available: admin, developer, operator, and viewer. For details about the permissions of the roles, see DataArts Studio Permissions.

  • Admin: This role has all operation permissions in a workspace. You are advised to assign the admin role to the project owner, development owner, and O&M administrator.
  • Developer: This role has permissions to create and manage resources in a workspace. You are advised to assign this role to users who develop and process tasks.
  • Operator: This role has the operation permissions of services such as O&M and scheduling in a workspace, but cannot modify resources or configurations. You are advised to assign this role to users responsible for O&M management and status monitoring.
  • Viewer: This role can view data in a workspace but cannot perform any other operation. You are advised to assign this role to users who only need to view data in a workspace but do not need to perform operations.
  • Deployer: This role is unique to the enterprise mode and has permissions to release task packages in a workspace. In enterprise mode, when a developer submits a script or job version, the system generates a release task. After the developer confirms the release and the deployer approves the release request, the modified job is synchronized to the production environment.