This article shows you how to add a project role and authorize it through ACLs.


Jack is the project administrator of a project prj1. The three new data auditors, Alice, Bob, and Charlie, are added to the project team. They all need to apply for the following permissions: view table lists, submit jobs, and read the table userprofile.


As a project administrator, Jack can perform authorization by using the object-based ACL Authorization.

Jack must perform the following procedure:
    use prj1;
    add user aliyun$; --Add the user
    add user aliyun$;
    add user aliyun$;
    create role tableviewer; --Create a role
    grant List, CreateInstance on project prj1 to role tableviewer; --Grant permissions to the role
    grant Describe, Select on table userprofile to role tableviewer;
    grant tableviewer to aliyun$; --Grant the tableviewer role to the user
    grant tableviewer to aliyun$;
    grant tableviewer to aliyun$;