This document describes how to grant permissions to service roles, collaborators/sub-users, and customize permission policies when Elastic MapReduce (EMR) Serverless TCBase is used.
Granting Permissions to the Service Role
When using EMR Serverless TCBase for the first time, you need to grant the service role EMR_QCSRole to the EMR product, enabling it to call product features and use necessary permissions for related products.
1. Log in to the EMR Serverless TCBase console. On your first visit, a prompt will appear asking you to authorize EMR. Click Grant Authorization to go to the Role Management Authorization page. 2. After confirming the service authorization information, click Authorize to complete the service role authorization.
Note:
When a sub-user or collaborator account is used for the first time, please ensure that the account has been granted the QcloudCamSubaccountsAuthorizeRoleFullAccess permission.
Granting Permissions to Collaborators/Sub-users
In practice, the accounts that actually use products are mainly collaborators or sub-users. Depending on authorization requirements, you can grant sub-users or collaborators different granularities of operation permissions.
Custom Policy Operation Guide