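Custom authorization for DLF

The RAM user that a MaxCompute project belongs to cannot access Data Lake Formation (DLF) or Object Storage Service (OSS) without authorization. You can grant custom authorization by adding a trust policy and a permission policy for the RAM user. This topic describes how to authorize the RAM user of a MaxCompute project by using custom authorization.

Background information

In a data lakehouse scenario built with MaxCompute, DLF, and OSS, the RAM user of the MaxCompute project cannot access DLF without authorization.

  • When the RAM account of the MaxCompute project is the same as the account in which DLF is deployed, set service to odps.aliyuncs.com when you add the trust policy.

  • When the RAM account of the MaxCompute project is different from the account in which DLF is deployed, set service to <Owner cloud account ID of the MaxCompute project>@odps.aliyuncs.com when you add the trust policy. You can obtain the Owner cloud account ID of MaxCompute from your personal information.

Procedure

  1. Log on to the RAM console and create a RAM role whose trusted entity is an Alibaba Cloud account.

  2. Modify the trust policy of the new RAM role in the RAM console.

    For details, see Modify the trust policy of a RAM role. The trust policy content is as follows:

    • The account that created the MaxCompute project and the account in which DLF is deployed are the same account: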

      {
        "Statement": [
          {
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "odps.aliyuncs.com"
              ]
            }
          }
        ],
        "Version": "1"
      }

    • The account that created the MaxCompute project and the account in which DLF is deployed are not the same account:

      {
        "Statement": [
          {
            "Action": "sts:AssumeRole",
            "Effect": "Allow",
            "Principal": {
              "Service": [
                "<Owner cloud account ID of the MaxCompute project>@odps.aliyuncs.com"
              ]
            }
          }
        ],
        "Version": "1"
      }

  3. In the RAM console, create a custom permission policy for the new RAM role.

    For details, see Create a custom permission policy. The custom permission content is as follows:

    {
      "Version": "1",
      "Statement": [
        {
          "Action": [
            "oss:ListBuckets",
            "oss:GetObject",
            "oss:ListObjects",
            "oss:PutObject",
            "oss:DeleteObject",
            "oss:AbortMultipartUpload",
            "oss:ListParts"
          ],
          "Resource": "*",
          "Effect": "Allow"
        },
        {
          "Action": [
            "dlf:CreateFunction",
            "dlf:BatchGetPartitions",
            "dlf:ListDatabases",
            "dlf:CreateLock",
            "dlf:UpdateFunction",
            "dlf:BatchUpdateTables",
            "dlf:DeleteTableVersion",
            "dlf:UpdatePartitionColumnStatistics",
            "dlf:ListPartitions",
            "dlf:DeletePartitionColumnStatistics",
            "dlf:BatchUpdatePartitions",
            "dlf:GetPartition",
            "dlf:BatchDeleteTableVersions",
            "dlf:ListFunctions",
            "dlf:DeleteTable",
            "dlf:GetTableVersion",
            "dlf:AbortLock",
            "dlf:GetTable",
            "dlf:BatchDeleteTables",
            "dlf:RenameTable",
            "dlf:RefreshLock",
            "dlf:DeletePartition",
            "dlf:UnLock",
            "dlf:GetLock",
            "dlf:GetDatabase",
            "dlf:GetFunction",
            "dlf:BatchCreatePartitions",
            "dlf:ListPartitionNames",
            "dlf:RenamePartition",
            "dlf:CreateTable",
            "dlf:BatchCreateTables",
            "dlf:UpdateTableColumnStatistics",
            "dlf:ListTableNames",
            "dlf:UpdateDatabase",
            "dlf:GetTableColumnStatistics",
            "dlf:ListFunctionNames",
            "dlf:ListPartitionsByFilter",
            "dlf:GetPartitionColumnStatistics",
            "dlf:CreatePartition",
            "dlf:CreateDatabase",
            "dlf:DeleteTableColumnStatistics",
            "dlf:ListTableVersions",
            "dlf:BatchDeletePartitions",
            "dlf:ListCatalogs",
            "dlf:UpdateTable",
            "dlf:ListTables",
            "dlf:DeleteDatabase",
            "dlf:BatchGetTables",
            "dlf:DeleteFunction"
          ],
          "Resource": "*",
          "Effect": "Allow"
        }
      ]
    }

  4. Grant the custom permission policy to the new RAM role.

    For details, see Grant permissions to a RAM role.
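
A review check for the policies in steps 2 and 3, as an added example that is not part of the original page or of any Alibaba Cloud tooling: it compares the principals in a trust policy with the Service value expected for the same-account or cross-account case, and lists the mutating OSS and DLF actions that a permission policy allows on Resource "*". The account ID, the second service name, the sample policies and the list of mutating action prefixes are constructed assumptions.

```python
import json
import re

SERVICE = "odps.aliyuncs.com"  # service name used in the trust policies on this page
# Action-name prefixes treated as mutating (a heuristic chosen for this example).
MUTATING = re.compile(r"^(oss|dlf):(Put|Delete|Create|Update|Rename|Abort|Batch(Create|Update|Delete))")

def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def audit_trust(policy, owner_uid=None):
    """List principals that differ from the expected one (owner_uid=None: same account)."""
    expected = f"{owner_uid}@{SERVICE}" if owner_uid else SERVICE
    findings = []
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow" or "sts:AssumeRole" not in as_list(st.get("Action", [])):
            continue
        principal = st.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"unexpected principal {principal!r}")
            continue
        for kind, values in principal.items():
            findings += [f"unexpected principal {kind}={p}" for p in as_list(values)
                         if kind != "Service" or p != expected]
    return findings

def audit_permissions(policy):
    """List mutating actions that an Allow statement grants on Resource "*"."""
    broad = []
    for st in policy.get("Statement", []):
        if st.get("Effect") == "Allow" and "*" in as_list(st.get("Resource", [])):
            broad += [a for a in as_list(st.get("Action", [])) if a == "*" or MUTATING.match(a)]
    return sorted(set(broad))

# Constructed sample input: the account ID and the second service name are placeholders.
SAMPLE_TRUST = json.loads("""{"Version": "1", "Statement": [{"Action": "sts:AssumeRole",
  "Effect": "Allow", "Principal": {"Service":
    ["1234567890123456@odps.aliyuncs.com", "other-service.example"]}}]}""")
SAMPLE_PERMS = json.loads("""{"Version": "1", "Statement": [{"Effect": "Allow", "Resource": "*",
  "Action": ["oss:GetObject", "oss:DeleteObject", "dlf:GetTable", "dlf:BatchDeleteTables"]}]}""")

if __name__ == "__main__":
    for finding in audit_trust(SAMPLE_TRUST, owner_uid="1234567890123456"):
        print("trust:", finding)
    print("mutating actions on Resource '*':", audit_permissions(SAMPLE_PERMS))
```

Run it against the exported policy documents of the role before attaching the permission policy in step 4; an empty list from `audit_trust` means only the expected service principal can assume the role.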