Updated on 2025-09-09 GMT+08:00

Configuring Directory Permissions (Advanced Feature)

This section describes how to configure directory permission policies to control permissions on script and job directories in DataArts Factory, API directories in DataArts DataService Exclusive, and physical and logical models in DataArts Architecture based on users, user groups, or roles.

  • If no directory permission policy has been configured for DataArts Factory, DataArts DataService, and DataArts Architecture in a workspace, all users can view and operate the directories and resources in them by default.
  • If permission policies have been configured for the script or job directories in DataArts Factory in a workspace, all script and job directories in DataArts Factory are unavailable for common users who are not the DAYU Administrator, Tenant Administrator, data security administrator, or preset workspace administrator. These users cannot create, edit, view, delete, import, or export jobs or scripts in directories. However, they can perform operations such as creating directories, associating jobs with scripts, selecting dependent jobs, configuring alarms for jobs, viewing the operation history, backing up jobs, and monitoring jobs.
  • If permission policies have been configured for the API directories in DataArts DataService in a workspace, all API directories in DataArts DataService are unavailable for common users who are not the DAYU Administrator, Tenant Administrator, data security administrator, or preset workspace administrator. These users cannot create, edit, view, delete, import, or export APIs in directories, but can perform operations such as creating directories, viewing events and logs, and reviewing applications.
  • If permission policies have been configured for the directories of physical and logical models in DataArts Architecture in a workspace, all models in DataArts Architecture are unavailable for common users who are not the DAYU Administrator, Tenant Administrator, data security administrator, or preset workspace administrator. These users cannot create, edit, view, or delete tables in models, but can perform operations such as creating models and reviewing applications.

In the new version mode, you can configure directory permissions only when you are using the enterprise version. In the old version mode, this function is supported in the basic version or an advanced version.

Prerequisites

  • Before configuring directory permission policies for DataArts Factory, DataArts DataService, or DataArts Architecture, you must create directories in the corresponding module.
  • Only the DAYU Administrator, Tenant Administrator, data security administrator, and preset workspace administrator have the permission to create, edit, or delete directory permission policies.

Notes and Constraints

  • After directory permission policies are configured for DataArts Factory, DataArts DataService, or DataArts Architecture, common users who are not the DAYU Administrator, Tenant Administrator, data security administrator, or preset workspace administrator cannot view or operate the directories and resources in the directories in DataArts Factory or DataArts DataService.
  • Only the DAYU Administrator, Tenant Administrator, data security administrator, and preset workspace administrator have the permission to create, edit, or delete directory permission policies.
  • Multiple directories can be configured in a directory permission policy, but a user, user group, or role can exist in only one policy.

Creating a Directory Permission Policy

  1. On the DataArts Studio console, locate a workspace and click DataArts Security.
  2. In the left navigation pane, choose DataArts Resource Permission.

    Figure 1 Directory Permission page

  3. On the Directory Permission page, click Create. In the slide-out panel, set the parameters listed in Table 1 and click Submit.

    Table 1 Parameters for configuring a directory permission policy

    Parameter

    Description

    *Policy Name

    Enter the name of the directory permission policy. To facilitate policy management, you are advised to include the resource object and authorization object in the name.

    Authorization Content

    DataArts Factory (DLF)

    Select the level-1 script and job directories in DataArts Factory to be authorized.

    NOTE:
    • Even if you select only script directories or job directories, all script and job directories in DataArts Factory are unavailable for common users who are not the DAYU Administrator, Tenant Administrator, data security administrator, or preset workspace administrator after the policy is configured.
    • If you select only script directories or job directories in DataArts Factory, permissions on the directories in DataArts DataService are not affected by this policy.

    DataArts DataService (DLM)

    Select the level-1 API directories in DataArts DataService to be authorized.

    NOTE:

    If you select only API directories in DataArts DataService, permissions on the directories in DataArts Factory are not affected by this policy.

    DataArts Architecture (DS)

    Select the physical models, logical models, or subjects in DataArts Architecture to be authorized.

    NOTE:
    • Even if you select only physical models, logical models, or subjects, all physical models, logical models, and subjects in DataArts Architecture are unavailable for common users who are not the DAYU Administrator, Tenant Administrator, data security administrator, or preset workspace administrator after the policy is configured.
    • If you select only the physical models, logical models, or subject directories in DataArts Architecture, permissions on the directories in DataArts Factory or DataArts DataService are not affected by this policy.

    Authorized Object

    User

    Select the users to be authorized. The workspace users are available for selection.

    User Group

    Select the user groups to be authorized. The workspace user groups are available for selection.

    Role

    Select the roles to be authorized. The preset and custom roles are available for selection.

    Figure 2 Creating a directory permission policy

Related Operations

  • Editing policies: On the Directory Permission page, locate a policy and click Edit in the Operation column to edit the policy.
  • Deleting policies: On the Directory Permission page, locate a policy and click Delete in the Operation column to delete the policy. To delete multiple policies at a time, select the policies and click Delete above the policy list.

    The deletion operation cannot be undone. Exercise caution when performing this operation.