tencent cloud

Data Lake Compute

Release Notes
Product Introduction
Overview
Strengths
Use Cases
Purchase Guide
Billing Overview
Refund
Payment Overdue
Configuration Adjustment Fees
Getting Started
Complete Process for New User Activation
DLC Data Import Guide
Quick Start with Data Analytics in Data Lake Compute
Quick Start with Permission Management in Data Lake Compute
Quick Start with Partition Table
Enabling Data Optimization
Cross-Source Analysis of EMR Hive Data
Standard Engine Configuration Guide
Configuring Data Access Policy
Operation Guide
Console Operation Introduction
Development Guide
Runtime Environment
SparkJar Job Development Guide
PySpark Job Development Guide
Query Performance Optimization Guide
UDF Function Development Guide
System Restraints
Client Access
JDBC Access
TDLC Command Line Interface Tool Access
Third-party Software Linkage
Python Access
Practical Tutorial
Accessing DLC Data with Power BI
Table Creation Practice
Using Apache Airflow to Schedule DLC Engine to Submit Tasks
Direct Query of DLC Internal Storage with StarRocks
Spark cost optimization practice
DATA + AI
Using DLC to Analyze CLS Logs
Using Role SSO to Access DLC
Resource-Level Authentication Guide
Implementing Tencent Cloud TCHouse-D Read and Write Operations in DLC
DLC Native Table
SQL Statement
SuperSQL Statement
Overview of Standard Spark Statement
Overview of Standard Presto Statement
Reserved Words
API Documentation
History
Introduction
API Category
Making API Requests
Data Table APIs
Task APIs
Metadata APIs
Service Configuration APIs
Permission Management APIs
Database APIs
Data Source Connection APIs
Data Optimization APIs
Data Engine APIs
Resource Group for the Standard Engine APIs
Data Types
Error Codes
General Reference
Error Codes
Quotas and limits
Operation Guide on Connecting Third-Party Software to DLC
FAQs
FAQs on Permissions
FAQs on Engines
FAQs on Features
FAQs on Spark Jobs
DLC Policy
Privacy Policy
Data Privacy And Security Agreement
Service Level Agreement
Contact Us
DocumentationData Lake ComputeGetting StartedConfiguring Data Access Policy

Configuring Data Access Policy

PDF
Focus Mode
Font Size
Last updated: 2024-07-17 17:44:52

Data Access Policy (CAM role arn) Overview

A data access policy (CAM role arn) allows you to configure permissions in CAM for accessing data in data sources and COS during data job execution. When configuring a data job in Data Lake Compute, you need to specify the data access policy to protect data security.

Directions

Step 1. Create a policy in CAM

1. Log in to the Tencent Cloud console and select Cloud Access Management. The logged-in account needs to have permissions to configure CAM; therefore, we recommend you use a root account or admin account.
2. Select Policies on the left sidebar to enter the policy management page. Click Create Custom Policy and select Create by Policy Syntax.


3. Search for COS in the policy template and select COS permission templates.

The preset templates define read-only and read/write permission policies. If they don't meet your needs, create a custom policy template as instructed in Appendix.
4. Select the template, set a name for the policy, and click Save.

Step 2. Create a service role

1. Log in to the Tencent Cloud console and select Cloud Access Management. The logged-in account needs to have permissions to configure CAM; therefore, we recommend you use a root account or admin account.
2. Select Role on the left sidebar to enter the role management page. Click Create Role and select Tencent Cloud Product Service.


3. In the Role Entity service list, find and select Data Lake Compete and click Next.


4. In the policy configuration, find and select the policy created in Step 1 and click Next.
5. Set a name for the role and click Save.

Step 3. Get the role arn information

1. After creating the role in Step 2, return to the role list and find the created role.
2. Click Role Name to enter the role details page.


3. Find and copy the role arn information.



Step 4. Configure the role arn in Data Lake Compute

1. Log in to the Data Lake Compute console with an admin account.
2. Select Data job on the left sidebar to enter the data job management page. Click Job configuration and select CAM role arn.
3. Click Create role arn.


4. Paste the role arn information obtained in Step 3 in the input box and click Save.

Appendix: Custom Policy Template

If the preset templates cannot meet your data management needs, you can configure a custom template in the following steps.
1. Log in to the Tencent Cloud console and select Cloud Access Management. The logged-in account needs to have permissions to configure CAM; therefore, we recommend you use a root account or admin account.
2. Select Policies on the left sidebar to enter the policy management page. Click Create Custom Policy and select Create by Policy Generator.


3. Select Allow as Effect and COS as Service. Select the resource scope as needed.

If you need to manage specific resources, click Add a six-segment resource description to add resources. You can use * to indicate all the resources. For more information, see Resource Description Method.
4. After completing the configuration, set a name for the policy and click Save. You can also select Authorized Users to authorize the policy to existing users.
Previous Topic: Standard Engine Configuration GuideNext Topic: SQL Editor

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback