Halaman ini belum tersedia dalam bahasa lokal Anda. Kami berusaha keras untuk menambahkan lebih banyak versi bahasa. Terima kasih atas dukungan Anda.

Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive

Configuring Table Permissions on the DLI Console

Updated on 2024-09-30 GMT+08:00

Operation Scenario

  • By setting permissions, you can assign varying table permissions to different users.
  • The administrator and table owner have all permissions, which cannot be set or modified by other users.
  • When setting table permissions for a new user, ensure that the region of the user group the user belongs to has the Tenant Guest permission. For details about the Tenant Guest permission and how to apply for the permission, see Permissions Policies and Creating a User Group and Assigning Permissions in the Identity and Access Management User Guide.

Precautions

  • By the rules in Common Operations Supported by DLI System Policy, you need to authorize a user to view tables in a database of the owner account.
  • If you create a table with the same name as a deleted table, the table permissions will not be inherited. In this case, you need to grant the table permissions to users or projects.

    For example, user A is granted with the permission to delete the testTable table. Delete the table and create another one with the same name. You need to grant user A the deletion permission of the testTable table again.

Viewing Table Permissions

  1. On the left of the management console, choose Data Management > Databases and Tables.
  2. Click the database name in the table whose authority is to be set. The Table Management page of the database is displayed.
  3. Locate the row where the target table resides and click Manage Permissions in the Operation column.
    Figure 1 Table permission management

    Permissions can be granted to new users or projects, modified for users or projects with existing permissions, or revoked from a user or project.

Granting Permissions to a New User or a Project

Here, the new user or project refers to a user or a project that does not have permissions on the database.
  1. Click the table you need. In the displayed table permissions page, click Grant Permission in the upper right corner.
  2. In the displayed Grant Permission dialog box, select the required permissions.
    • For details about the DLI table permissions, see Table 1.
      Figure 2 Granting DLI table permissions to a user
      Figure 3 Granting DLI table permissions to a project
      Table 1 Parameter description

      Parameter

      Description

      Authorization Object

      Select User or Project.

      Username/Project

      • If you select User, enter the IAM username when granting table permissions to the user.
        NOTE:

        The username is an existing IAM user name and has logged in to the DLI management console.

      • If you select Project, select the project to be authorized in the current region.
        NOTE:

        If you select Project, you can only view information about the authorized tables and their databases.

      Non-inheritable Permissions

      Select a permission to grant it to the user, or deselect a permission to revoke it.

      • The following permissions are applicable to both user and project authorization:
        • Select Table: This permission allows you to query data of the current table.
        • View Table Information: This permission allows you to view information about the current table.
        • View Table Creation Statement: This permission allows you to view the statement for creating the current table.
        • Drop Table: This permission allows you to delete the current table.
        • Rename Table: Rename the current table.
        • Insert: This permission allows you to insert data into the current table.
        • Overwrite: This permission allows you to insert data to overwrite the data in the current table.
        • Add Column: Add columns to the current table.
        • Grant Permission: The current user can grant table permissions to other users.
        • Revoke Permission: The current user can revoke the table's permissions that other users have but cannot revoke the table owner's permissions.
        • View Other Users' Permissions: This permission allows you to query other users' permission on the current table.

        The partition table also has the following permissions:

        • Delete Partition: This permission allows you to delete existing partitions from a partition table.
        • View All Partitions: This permission allows you to view all partitions in a partition table.
      • The following permissions can only be granted to users:
        • View Table: This permission allows you to display the current table.
    • For details about the OBS table permissions, see Table 2.
      Figure 4 Granting OBS table permissions to a user
      Figure 5 Granting OBS table permissions to a project
      Table 2 Parameter description

      Parameter

      Description

      Authorization Object

      Select User or Project.

      Username/Project

      • If you select User, enter the IAM username when granting table permissions to the user.
        NOTE:

        The username is an existing IAM user name and has logged in to the DLI management console.

      • If you select Project, select the project to be authorized in the current region.
        NOTE:

        If you select Project, you can only view information about the authorized tables and their databases.

      Non-inheritable Permissions

      Select a permission to grant it to the user, or deselect a permission to revoke it.
      • The following permissions are applicable to both user and project authorization:
        • View Table Creation Statement: This permission allows you to view the statement for creating the current table.
        • View Table Information: This permission allows you to view information about the current table.
        • Select Table: This permission allows you to query data of the current table.
        • Drop Table: This permission allows you to delete the current table.
        • Rename Table: Rename the current table.
        • Insert: This permission allows you to insert data into the current table.
        • Overwrite: This permission allows you to insert data to overwrite the data in the current table.
        • Add Column: This permission allows you to add columns to the current table.
        • Grant Permission: This permission allows you to grant table permissions to other users or projects.
        • Revoke Permission: This permission allows you to revoke the table's permissions that other users or projects have but cannot revoke the table owner's permissions.
        • View Other Users' Permissions: This permission allows you to query other users' permission on the current table.
        The partition table also has the following permissions:
        • Add Partition: This permission allows you to add a partition to a partition table.
        • Delete Partition: This permission allows you to delete existing partitions from a partition table.
        • Configure Path for Partition: This permission allows you to set the path of a partition in a partition table to a specified OBS path.
        • Rename Table Partition: This permission allows you to rename partitions in a partition table.
        • Restore Table Partition: This permission allows you to export partition information from the file system and save the information to metadata.
        • View All Partitions: This permission allows you to view all partitions in a partition table.
      • The following permissions can only be granted to users:
        • View Table: This permission allows you to view the current table.
    • For details about the view permissions, see Table 3.
      NOTE:

      A view can be created only by using SQL statements. You cannot create a view on the Create Table page.

      Figure 6 Granting view permissions to a user
      Figure 7 Granting view permissions to a project
      Table 3 Parameter description

      Parameter

      Description

      Authorization Object

      Select User or Project.

      Username/Project

      • If you select User, enter the IAM username when adding a user to the database.
        NOTE:

        The username is an existing IAM user name and has logged in to the DLI management console.

      • If you select Project, select the project to be authorized in the current region.
        NOTE:

        If you select Project, you can only view information about the authorized tables and their databases.

      Non-inheritable Permissions

      Select a permission to grant it to the user, or deselect a permission to revoke it.
      • The following permissions are applicable to both user and project authorization:
        • View Table Information: This permission allows you to view information about the current table.
        • View Table Creation Statement: This permission allows you to view the statement for creating the current table.
        • Drop Table: This permission allows you to delete the current table.
        • Select Table: This permission allows you to query data of the current table.
        • Rename Table: Rename the current table.
        • Grant Permission: The current user or project can grant table permissions to other users or projects.
        • Revoke Permission: The current user or project can revoke the table's permissions that other users or projects have but cannot revoke the table owner's permissions.
        • View Other Users' Permissions: This permission allows you to query other users' permission on the current table.
      • Only applicable to
        • View Table: This permission allows you to view the current table.
  3. Click OK.

Modifying Permissions for an Existing User or Project

For a user or project that has some permissions on the database, you can revoke the existing permissions or grant new ones.

NOTE:

If all options under Set Permission are gray, you are not allowed to change permissions on this table. You can apply to the administrator, table owner, or other authorized users for granting and revoking table permissions.

  1. In the User Permission Info list, find the user whose permission needs to be set.
    • If the user is an IAM user and is not the owner of the table, you can set permissions.
    • If the user is an administrator or table owner, you can only view permissions.

    In the Project Permission Info list, locate the project for which you want to set permissions and click Set Permission.

  2. In the Operation column of the IAM user or project, click Set Permission. The Set Permission dialog box is displayed.
    • For details about DLI table user or project permissions, see Table 1.
    • For details about OBS table user or project permissions, see Table 2.
    • For details about View table user or project permissions, see Table 3.
  3. Click OK.

Revoking All Permissions of a User or Project

Revoke all permissions of a user or a project.

  • In the user list under User Permission Info, locate the row where the target IAM user resides and click Revoke Permission in the Operation column. In the displayed dialog box, click OK. In this case, the user has no permissions on the table.
    NOTE:

    In the following cases, Revoke Permission is gray, indicating that the permission of the user cannot be revoked.

    • The user is an administrator.
    • The IAM user is the owner of the table.
    • The IAM user has only inheritable permissions.
  • In the Project Permission Info area, select the project whose permissions need to be revoked and click Revoke Permission in the Operation column. After you click OK, the project does not have any permissions on the table.
    NOTE:

    If a project has only inheritable permissions, Revoke Permission is gray, indicating that the permissions of the project cannot be revoked.

Kami menggunakan cookie untuk meningkatkan kualitas situs kami dan pengalaman Anda. Dengan melanjutkan penelusuran di situs kami berarti Anda menerima kebijakan cookie kami. Cari tahu selengkapnya

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback