Updated on 2025-09-15 GMT+08:00

Actions Supported by Policies

This section describes the actions supported by DataArts Fabric policies.

Supported Actions

DataArts Fabric provides two types of policies: system-defined policies and custom policies. If system-defined policies do not meet your requirements, you can create custom policies and apply them to user groups for refined access control. The following are related concepts:

  • Permissions: Statements in a policy that allow or deny certain operations.
  • APIs: REST APIs that can be called in a custom policy.
  • Actions: Specific operations that are allowed or denied by a custom policy. You can specify actions in a custom policy to control the permissions of IAM users.
  • Related actions: Actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the related actions.
  • IAM projects/Enterprise projects: The authorization scope of a custom policy. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise projects, see Differences Between IAM and Enterprise Management.

DataArts Fabric supports the following actions in custom policies:

Lifecycle Management

Table 1 Lifecycle management actions

Permission

API

Action

Related Action

IAM Project

(Project)

Enterprise Project

(Enterprise Project)

Listing workspaces

GET /v1/workspaces

DataArtsFabric:workspace:list

-

Creating a workspace

POST /v1/workspaces

DataArtsFabric:workspace:create

lakeformation:instance:describe

Modifying a workspace

PUT

/v1/workspaces/{workspace_id}

DataArtsFabric:workspace:alter

lakeformation:instance:describe

×

Modifying workspace monitoring configurations

PUT

/v1/workspaces/{workspace_id}/metrics

DataArtsFabric:workspace:alterMetrics

-

×

Deleting a workspace

DELETE

/v1/workspaces/{workspace_id}

DataArtsFabric:workspace:drop

-

×

Querying compute resources

GET

/v1/workspaces/{workspace_id}/computes

DataArtsFabric:workspace:listCompute

-

×

Creating a computing resource

POST

/v1/workspaces/{workspace_id}/computes

DataArtsFabric:workspace:createCompute

-

×

Modifying a compute resource

PUT /v1/workspaces/{workspace_id}/computes/{compute_id}

DataArtsFabric:workspace:alterCompute

-

×

Deleting a compute resource

DELETE /v1/workspaces/{workspace_id}/computes/{compute_id}

DataArtsFabric:workspace:dropCompute

-

×

Listing the endpoints of a workspace

GET

/v1/workspaces/{workspace_id}/endpoints

DataArtsFabric:endpoint:list

-

×

Creating an endpoint for a workspace

POST

/v1/workspaces/{workspace_id}/endpoints

DataArtsFabric:endpoint:create

-

×

Querying the endpoint details of a workspace

GET /v1/workspaces/{workspace_id}/endpoints/{endpoint_id}

DataArtsFabric:endpoint:show

-

×

Modifying an endpoint of a workspace

PUT /v1/workspaces/{workspace_id}/endpoints/{endpoint_id}

DataArtsFabric:endpoint:alter

-

×

Deleting an endpoint of a workspace

DELETE /v1/workspaces/{workspace_id}/endpoints/{endpoint_id}

DataArtsFabric:endpoint:drop

DataArtsFabric:job:listJobInstance

DataArtsFabric:service:listInstance

×

Subscribing to a public endpoint

POST /v1/workspaces/{workspace_id}/endpoints/{endpoint_id}/subscribe

DataArtsFabric:endpoint:subscribe

-

×

Listing jobs

GET

/v1/workspaces/{workspace_id}/jobs

DataArtsFabric:job:list

-

×

Creating a job

POST

/v1/workspaces/{workspace_id}/jobs

DataArtsFabric:job:create

-

×

Querying a job

GET /v1/workspaces/{workspace_id}/jobs/{job_id}/versions

DataArtsFabric:job:show

-

×

Modifying a job

PUT /v1/workspaces/{workspace_id}/jobs/{job_id}

DataArtsFabric:job:alter

-

×

Deleting a job

DELETE /v1/workspaces/{workspace_id}/jobs/{job_id}

DataArtsFabric:job:drop

DataArtsFabric:job:listJobInstance

×

Creating a model

POST

/v1/workspaces/{workspace_id}/models

DataArtsFabric:model:create

obs:bucket:HeadBucket

obs:bucket:ListBucketVersions

obs:bucket:ListAllMyBuckets

obs:bucket:ListBucket

×

Listing models

GET /v1/workspaces/{workspace_id}/models

DataArtsFabric:model:list

-

×

Querying a model

GET /v1/workspaces/{workspace_id}/models/{model_id}/versions

DataArtsFabric:model:show

-

×

Deleting a model

DELETE /v1/workspaces/{workspace_id}/models/{model_id}/versions

DataArtsFabric:model:drop

DataArtsFabric:service:listInstance

×

Modifying a model

PUT /v1/workspaces/{workspace_id}/models/{model_id}/versions

DataArtsFabric:model:alter

-

×

Creating a tag

POST

/v1/{project_id}/fabric-workspace/{workspace_id}/tags/create

DataArtsFabric:workspace:tagResource

-

×

Deleting a tag

POST

/v1/{project_id}/fabric-workspace/{workspace_id}/tags/delete

DataArtsFabric:workspace:unTagResource

-

×

Listing tags

GET

/v1/{project_id}/fabric-workspace/tags

DataArtsFabric:workspace:listTags

-

×

Querying tags of a specific resource

GET /v1/{project_id}/fabric-workspace/{workspace_id}/tags

DataArtsFabric:workspace:listTagsForResource

-

×

Listing resources by tag

POST /v1/{project_id}/fabric-workspace/resource-instances/filter

DataArtsFabric:workspace:listResourcesByTag

-

Creating a notification policy

POST

/v1/workspaces/{workspace_id}/messages

DataArtsFabric:workspace:createMessagePolicy

iam:agencies:listAgencies

iam:roles:listRoles

iam:permissions:listRolesForAgency

smn:topic:list

×

Listing notification policies

GET

/v1/workspaces/{workspace_id}/messages

DataArtsFabric:workspace:listMessagePolicy

-

×

Deleting a notification policy

DELETE /v1/workspaces/{workspace_id}/messages/{message_policy_id}

DataArtsFabric:workspace:deleteMessagePolicy

-

×

Listing running jobs

GET

/v1/workspaces/{workspace_id}/jobs/runs

DataArtsFabric:job:listJobInstance

DataArtsFabric:workspace:list

×

Running a job

POST

/v1/workspaces/{workspace_id}/jobs/runs

DataArtsFabric:job:run

DataArtsFabric:workspace:list

DataArtsFabric:endpoint:show

×

Querying a running job

GET /v1/workspaces/{workspace_id}/jobs/runs/{run_id}

DataArtsFabric:job:showJobInstance

DataArtsFabric:workspace:list

DataArtsFabric:endpoint:show

×

Deleting a running job

DELETE /v1/workspaces/{workspace_id}/jobs/runs/{run_id}

DataArtsFabric:job:dropJobInstance

DataArtsFabric:workspace:list

DataArtsFabric:endpoint:show

×

Canceling a running job

POST /v1/workspaces/{workspace_id}/jobs/runs/{run_id}/cancel

DataArtsFabric:job:cancelJobInstance

DataArtsFabric:workspace:list

DataArtsFabric:endpoint:show

×

Invoking an inference service instance

POST /v1/workspaces/{workspace_id}/services/instances/{instance_id}/invocations

DataArtsFabric:model:inference

DataArtsFabric:workspace:list

DataArtsFabric:endpoint:show

×

Listing routes

GET

/v1/workspaces/{workspace_id}/routes

DataArtsFabric:workspace:listRoute

DataArtsFabric:workspace:list

×

Querying sessions

POST /v1/sessions

DataArtsFabric:workspace:showSession

-

×