检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Function Description Phase Documentation 1 IAM fine-grained authorization You can mange fine-grained permissions of DLI with IAM. Commercial use Creating a Custom Policy 2 Flink 1.10 DLI now supports Flink 1.10. Commercial use Apache Flink Documentation March 2020 No.
Function Description Phase Documentation 1 IAM fine-grained authorization DLI supports fine-grained authorization through IAM. Commercial use Creating a Custom Policy 2 Support for Flink 1.10 DLI supports Flink 1.10. Commercial use Apache Flink Documentation March 2020 No.
When using a token for authentication, cache it to prevent frequently calling the IAM API.
IAM policies prioritize deny permissions over allow permissions, which means that even if there are allow permissions, the presence of deny permissions will result in authorization failure. Solution Find the DLI job bucket on the OBS management console.
Job templates Preset general Flink SQL templates for quick start N/A Enterprise security Configuring access control Permission control streamlined with Huawei Cloud IAM, and role-based access control N/A Space isolation Tenant-level and project-level isolation resources and code for
DLI jobs must be set and modified by the main account as IAM users do not have required permissions. You cannot view the logs for DLI jobs before configuring a bucket.
NOTE: The username is an existing IAM user name and has logged in to the DLI management console. Permission Settings Delete Queues: This permission allows you to delete the queue. Submit Jobs: This permission allows you to submit jobs using this queue.
NOTE: This username must be an existing IAM username. In addition, the user can perform authorization operations only after logging in to the Huawei Cloud platform. Permissions to be granted to the user Select all: All permissions are selected.
Figure 1 Configuring an agency for DLI Once configured, you can check the agency dli_management_agency in the agency list on the IAM console.
To obtain the IAM endpoint and region name in the message body, see Regions and Endpoints. Here is an example request: Replace the content in italic in the sample code with the actual values.
To obtain the IAM endpoint and region name in the message body, see Regions and Endpoints. Here is an example request: Replace the content in italic in the sample code with the actual values.
Figure 1 Configuring an agency for DLI Once configured, you can check the agency dli_management_agency in the agency list on the IAM console. Step 1: Develop a JAR File and Upload It to OBS Develop a JAR file offline as the DLI console does not support this capability.
Figure 1 Configuring an agency for DLI Once configured, you can check the agency dli_management_agency in the agency list on the IAM console. Step 1: Upload Data to OBS Upload data files to OBS. Log in to the OBS management console. Create a bucket.
Available in all regions Advantages of Serverless DLI over On-Premises Hadoop DLI Notes and Constraints dli Permission Management DLI has a comprehensive access control mechanism built-in, and also supports fine-grained authentication through Identity and Access Management (IAM).
CREATE_FUNC Table/View ALL ALTER DROP DESCRIBE UPDATE INSERT SELECT DELETE Column SELECT Function ALL ALTER DROP DESCRIBE EXEC LakeFormation Permission Policies (Spark) Table 2 LakeFormation permission policies Type SQL Statement Permission to Authenticate Access to Metadata Using IAM
IAM provides a set of DLI predefined condition keys. The following table lists the predefined condition keys of DLI.
Figure 1 Configuring an agency for DLI Once configured, you can check the agency dli_management_agency in the agency list on the IAM console.
Agency Before using Spark 3.3.1 or later (Spark general queue scenario) to run jobs, you need to create an agency on the IAM console and add the new agency information. For details, see Customizing DLI Agency Permissions.
Figure 1 Configuring an agency for DLI Once configured, you can check the agency dli_management_agency in the agency list on the IAM console. Step 1: Prepare a Source Stream In this example, Kafka is the source stream. Enable DIS to import Kafka data to DLI.
Why Can't I Query a View After I'm Granted the Select Table Permission on the View? Symptom User A created Table1. User B created View1 based on Table1. After the Select Table permission on Table1 is granted to user C, user C fails to query View1. Possible Causes User B does not have
