Custom policies
Last updated: 2024.12.09 19:47:05 | First published: 2024.11.14 16:59:40

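Background

  • EMR Serverless Spark currently has the system preset policies EMRServerlessFullAccess and EMRServerlessReadOnlyAccess.
  • EMRServerlessFullAccess has full management permissions; EMRServerlessReadOnlyAccess has read-only permissions.

If you want to grant a sub-account other permissions, you can do so with a custom policy.
This article uses a custom job-submission policy as the example.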

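Create a custom policy

  1. Log in to the EMR console with the main account.
  2. In the personal information menu at the upper right, click Access Control > Policy Management > Create Custom Policy to open the Create Custom Policy page.
  3. Edit the policy with the visual editor or the JSON editor; the JSON editor is recommended.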

Policy example
Policy granting only job-submission permissions:

{
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "emr_serverless:ListSchemaNames",
                "emr_serverless:EditorGetLog",
                "emr_serverless:EditorGetBatchQueryStatus",
                "emr_serverless:EditorListAllBatchQueries",
                "emr_serverless:EditorListAllHistoryRecords",
                "emr_serverless:EditorDeleteTab",
                "emr_serverless:EditorSaveQuery",
                "emr_serverless:EditorListAllTabs",
                "emr_serverless:ShowTablesNotCheckPrivilege",
                "emr_serverless:EditorExecuteQuery",
                "emr_serverless:EditorAnalyzeQuery",
                "emr_serverless:EditorGetBatchQueryStatus",
                "emr_serverless:EditorListBatchQueryData",
                "emr_serverless:EditorListAllQueuesExt",
                "emr_serverless:CheckJobStatus",
                "emr_serverless:ListImportJob",
                "emr_serverless:ListQueue",
                "emr_serverless:ListJob",
                "emr_serverless:MonitorScanData",
                "emr_serverless:MonitorStorage",
                "emr_serverless:ConsolePermission",
                "emr_serverless:ListRegion",
                "emr_serverless:ListSchema",
                "emr_serverless:ListResourceReferJobs",
                "emr_serverless:Query*",
                "emr_serverless:Get*",
                "emr_serverless:Fetch*",
                "emr_serverless:ListPath",
                "emr_serverless:ListAclEntriesV2",
                "emr_serverless:EditorListAllJobTabs",
                "emr_serverless:ListTagQueue",
                "emr_serverless:ListQueueComponent",
                "emr_serverless:ListJobInstances"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}
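
An added example (not part of the original documentation): a Python review of a policy like the one above before it is granted, reporting repeated actions, wildcard actions such as `emr_serverless:Query*`, and a `Resource` of `*`, so the reviewer can confirm that the granted scope is intended. The embedded policy is a trimmed copy of the page's example; `review_policy` and `as_list` are hypothetical helper names.

```python
import json
from collections import Counter

# Constructed sample: a trimmed copy of the page's job-submission policy.
POLICY_JSON = """
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "emr_serverless:EditorGetBatchQueryStatus",
        "emr_serverless:EditorExecuteQuery",
        "emr_serverless:EditorGetBatchQueryStatus",
        "emr_serverless:ListJob",
        "emr_serverless:Query*",
        "emr_serverless:Get*",
        "emr_serverless:Fetch*"
      ],
      "Resource": ["*"]
    }
  ]
}
"""

def as_list(value):
    # Defensive: tolerate a bare string where the page's example uses a list.
    return [value] if isinstance(value, str) else list(value)

def review_policy(policy_text):
    """Return (statement index, finding kind, value) tuples for Allow statements."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_text).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        # Repeated entries are harmless but make the policy harder to audit.
        for action, count in Counter(actions).items():
            if count > 1:
                findings.append((i, "duplicate-action", action))
        # A wildcard also covers every matching action added to the service later.
        for action in dict.fromkeys(actions):
            if "*" in action:
                findings.append((i, "wildcard-action", action))
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append((i, "all-resources", "*"))
    return findings

if __name__ == "__main__":
    for finding in review_policy(POLICY_JSON):
        print(*finding, sep="\t")
```

Each finding is a prompt for review rather than an error: decide whether the wildcard or the unrestricted resource scope is needed for the sub-account's task before granting the policy.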

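Policy authorization

After the policy is created, you need to grant the custom policy to the sub-account.

  1. On the custom policy page, click the "Manage" button to the right of the custom policy.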


  2. Click Add Authorization, then search for the user, user group or role you want to authorize.


  3. After authorization succeeds, the sub-account has the corresponding permissions.