User permissions comprise data permissions and engine permissions (for a detailed explanation, refer to DLC Permission Overview). Appropriate data permissions are required to access data in DLC. DLC provides permission management at the database and table level, as well as fine-grained column-level permission management, so that data can be authorized to users or workgroups in various scenarios and data permissions can be managed at a fine granularity. Resource management is handled through the corresponding engine permissions.
Users and Workgroups
Permissions can be granted individually to users, or a workgroup comprising a batch of users can be created for permission authorization. For user and workgroup management operations, refer to Users and Workgroups.
User: You can select users in CAM, including sub-accounts and collaborator accounts.
Workgroup: A group of users with the same permissions, managed in the product.
Note:
When the permissions assigned to a user differ from those of their workgroup, the union of both sets of permissions is taken.
A workgroup allows you to quickly grant permissions to a batch of users, so it is recommended for batch user authorization.
Add User Permissions
Grant permissions to the specified user.
1. Set a user as an admin/general user. An admin user holds all permissions on all resources (data, engines, etc.) without being associated with a workgroup, and can manage admin users other than the main account. This permission needs to be set with caution.
2. Bind workgroups: A regular user must be granted the corresponding permissions, or be bound to a workgroup, to access the relevant resources.
3. Add Data Permissions: In the user list, select the authorization operation, choose data permissions, and you can opt to grant the user permissions for the data directory or database tables.
Add data directory permissions: For data directories, you can grant the permission to create databases under DataLakeCatalog, as well as create permissions for other data directories.
Add database table permissions: Permissions can be added in two modes, Regular Settings and Advanced Settings.
Regular Permission Settings: You can add permissions for database tables under a specified directory, setting query analysis, data editing, and owner permissions.
Specific permissions are as follows:
| Permission Type | Databases | Data Table | View and Function |
| --- | --- | --- | --- |
| Query & analytics | Permission to query all tables, views, and functions in the database. Permission to create data tables. | Query | Query |
| Data edit | Permissions to modify, delete, and create tables in the database. Full permissions for all tables, views, and functions. | Querying, inserting, updating, and deleting data. Modification and deletion of tables. | Query, create, modify, and delete. |
| Owner (grants the permission to re-authorize permissions in addition to data edit permissions) | Modifying, deleting, and creating tables in a database. Full permissions for all tables, views, and functions. | Querying, inserting, updating, and deleting data. Modification and deletion of tables. | Query, create, modify, and delete. |
Advanced Permission Settings: When selecting a single database, you can continue to set permissions for queries, insertions, updates, and deletions for tables, views, and functions within the database. When selecting multiple databases, permissions will only be set at the database level.
In advanced mode, column-level permission settings are supported. When selecting a single data table, query permissions for columns can be added. You can authorize either one/multiple columns or all columns.
After clicking Confirm to complete the addition, go to the data exploration module and run a SQL statement that previews the information of "col1"; the preview results of this column are returned after running.
For data column b in the same data table, which has not been granted column permissions, a SQL statement that views the information of column b cannot be executed due to permission issues.
4. Add Engine Permissions: In the user list, select the authorization operation, choose engine permissions, and grant usage, modification, operation, monitoring, and deletion permissions to specified resources.
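The union rule from the note above and the column-level query check in step 3 can be modeled for access reviews. The following Python model is an added example, not DLC code or a DLC API; the classes, the table `demo_db.demo_tbl` and the principals `alice`, `analysts` and `root` are constructed for illustration.

```python
from dataclasses import dataclass, field

ALL = "*"  # constructed marker for "all columns"

@dataclass
class Grants:
    """Column-level query grants held by one user or one workgroup."""
    name: str
    columns: dict = field(default_factory=dict)  # {"db.table": {"col", ...}}

@dataclass
class User:
    grants: Grants
    workgroups: list = field(default_factory=list)
    is_admin: bool = False

def effective_columns(user, table):
    """Union of the user's own grants and those of every bound workgroup."""
    if user.is_admin:  # admins hold all permissions without a workgroup
        return {ALL}
    cols = set(user.grants.columns.get(table, ()))
    for group in user.workgroups:
        cols |= group.columns.get(table, set())
    return cols

def denied_columns(user, table, requested):
    """Columns in a query that the user may not read; empty set means allowed."""
    granted = effective_columns(user, table)
    return set() if ALL in granted else set(requested) - granted

def sources(user, table, column):
    """Names of every grant holder that gives the user this column."""
    holders = [user.grants] + list(user.workgroups)
    return [g.name for g in holders
            if {column, ALL} & g.columns.get(table, set())]

# Constructed sample data: table demo_db.demo_tbl with columns col1 and b.
analysts = Grants("analysts", {"demo_db.demo_tbl": {"col1"}})
alice = User(Grants("alice", {"demo_db.demo_tbl": {"col1"}}), [analysts])
root = User(Grants("root"), is_admin=True)

if __name__ == "__main__":
    t = "demo_db.demo_tbl"
    print(denied_columns(alice, t, ["col1"]))       # query on col1 only
    print(denied_columns(alice, t, ["col1", "b"]))  # query that also reads b
    print(sources(alice, t, "col1"))                # every source of the col1 grant
    alice.grants.columns[t].discard("col1")         # revoke only the direct grant
    print(effective_columns(alice, t))              # workgroup grant still applies
```

Because the effective set is a union, removing a column from the user's own permission list leaves it readable while a bound workgroup still grants it, so a revocation review has to cover every source that `sources` reports.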
Modify User Permissions
1. Select 'Authorize' from the user list, and choose either data permissions or engine permissions.
In the authorization interface (taking data permissions as an example), modify permissions by adding or removing them. The same operation applies to the modification of engine permissions.
2. To modify the workgroup or user type, click Operation > Edit to access the user editing interface, where you can modify the user name, user type, and description. Regular users can add or remove workgroups.
Click the Edit button to change the user type.
View User Permissions
1. Click on the user ID in the user list to access the user details page.
2. View information such as the workgroup a user belongs to, data permissions, engine permissions, etc.
Revoking User Permissions
Permissions that need to be revoked can be removed from the user's permission list. The removal of a user requires admin operations.
Permission to Add and Remove Groups
Adding or removing workgroups requires administrative action, similar to user data permission operations. Users within a group possess all the permissions that the group has. By binding a batch of users to a workgroup and granting the group data, engine, and other resource permissions, user permissions can be managed in bulk. Administrators do not need to be bound to a workgroup.