Data Lake Permission Management
Data Lake Permission Management is an important part of ensuring data security and compliance. Through proper permission management, you can ensure that users can access and operate on only the data and resources they need. Permission management in a data lake mainly involves two aspects: data access permissions and function call permissions. Specifically, it includes the following aspects:
- Permission points and permission management of Volume objects
- Permission points and permission management of Remote Function objects
Volume Object Permissions
For Volume objects, you can set the following permissions:
- Permissions of the Schema to which the object belongs: CREATE / DROP
- Permissions of the object itself: READ / WRITE / ALTER
Example 1: Granting a New User Access to a Volume
Suppose you have a new user named datalake_user, and you want to grant them access to the workspace. First, grant the user the workspace_user role (read-only permission):
Next, if you want to allow datalake_user to read, upload data, and synchronize file metadata to the Lakehouse metadata service for Volume objects, you need to grant the following permissions:
- Authorize use of the Virtual Cluster computing resource
- Grant datalake_user READ/WRITE/ALTER permissions on the Volume
The specific steps are as follows:
Remote Function Object Permissions
For Remote Function objects, you can set the following permissions:
- Permissions of the Schema to which the object belongs: CREATE / DROP
- Permissions of the object itself: USE
Example 2: Granting a User Permission to Use a Remote Function
Suppose you want to grant the user datalake_user permission to use a Remote Function named fc_image_2_text. You can execute the following command:
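Separately from the grant command itself, the sketch below is an added example (not part of the original page and not the product's own tooling) that audits a user's grants against the permission points listed above and the baseline from Examples 1 and 2. The grant tuple format, the `audit` function, and the object names `my_volume` and `public` are assumptions made for illustration.

```python
# Permission points per object type, as listed on this page.
OBJECT_PRIVS = {
    "SCHEMA": {"CREATE", "DROP"},
    "VOLUME": {"READ", "WRITE", "ALTER"},
    "REMOTE_FUNCTION": {"USE"},
}

# Least-privilege baseline for datalake_user taken from Examples 1 and 2.
# "my_volume" is a constructed placeholder; the page does not name the Volume.
# Virtual Cluster usage is not modelled: the page names no permission point for it.
BASELINE = {
    ("VOLUME", "my_volume"): {"READ", "WRITE", "ALTER"},
    ("REMOTE_FUNCTION", "fc_image_2_text"): {"USE"},
}


def audit(grants, baseline=BASELINE):
    """Compare (object_type, object_name, privilege) grants with a baseline.

    invalid: privilege is not a permission point of that object type
    missing: required by the baseline but not granted
    excess:  granted but not required by the baseline
    """
    invalid, held = [], {}
    for otype, name, priv in grants:
        otype, priv = otype.upper(), priv.upper()
        if priv not in OBJECT_PRIVS.get(otype, set()):
            invalid.append((otype, name, priv))
            continue
        held.setdefault((otype, name), set()).add(priv)
    missing = [(k[0], k[1], p) for k, want in baseline.items()
               for p in want - held.get(k, set())]
    excess = [(k[0], k[1], p) for k, have in held.items()
              for p in have - baseline.get(k, set())]
    return {"invalid": sorted(invalid), "missing": sorted(missing),
            "excess": sorted(excess)}


# Constructed sample of grants held by datalake_user (hypothetical export format).
SAMPLE_GRANTS = [
    ("VOLUME", "my_volume", "READ"),
    ("VOLUME", "my_volume", "WRITE"),
    ("VOLUME", "my_volume", "USE"),   # USE is not a Volume permission point
    ("SCHEMA", "public", "DROP"),     # schema-level right beyond the baseline
    ("REMOTE_FUNCTION", "fc_image_2_text", "USE"),
]

if __name__ == "__main__":
    for finding, items in audit(SAMPLE_GRANTS).items():
        print(finding, items)
```

Excess schema-level CREATE / DROP grants are the findings to review first, since they apply to the schema that contains the object rather than to a single Volume or Remote Function.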