Overview of Feature Permissions

최신 업데이트:2026-07-08 14:13:13

Introduction

The permission feature is a resource authorization management capability in Cloud Log Service (CLS).

After you create logs, data processing tasks, or upload targets, you can grant these resources to other sub-accounts under the same main account for team collaboration and sharing.

The authorization entry is only visible to the resource creator in each resource list; other accounts cannot see this entry. Once you enter the authorization configuration page, you can select the authorization scope (only the creator / specified accounts). After authorization, the designated accounts can see and use the resource in their own lists upon login.

This feature is designed for resource creators who require team collaboration and cross-account resource sharing. It helps you securely assign permissions for using logs, tasks, and upload targets across different accounts.

User Task Scenario:

Task Scenario Description User Guide
Data Ingestion Authorization Grant other accounts access to logs, enabling them to create ingestion tasks based on the specified consumption type Data Ingestion Authorization
Data Consumption Authorization Grant other accounts permission for the consumption task, associated data tables, and dashboards under the task Data Consumption Authorization
Upload Target Authorization Grant other accounts permission to use the upload target, allowing them to select it when creating new upload tasks Upload Target Authorization

Concept Description

This document covers the following proprietary terms. It is recommended to review them before proceeding:

Term Description
Resource Creator The account that creates a specific log, consumption task, or upload target. Only the creator can access the ‘Function Authorization’ entry for that resource
Main Account / Sub-account The main account can view all resources but can only edit those it has created; the sub-account can only view and edit resources it has created or which it has been authorized to access
Authorization Scope The range of visibility for a resource, categorized as ‘Creator Only’ (default) and ‘Specified Account’
Consumption Type Indicates what consumption tasks logs can be used for. Currently supported: data upload, data download, and dashboard; available types are determined by the service plan purchased by the main account
Plan The service package purchased by the main account, which determines which feature modules are enabled on the platform and the types of optional consumption available

Before You Begin

Function Entry Point:

  • Log in to the Cloud Log Service
  • Entry Path: In each resource list (Data Integration / Data Consumption / Upload Target Management), click Function Authorization in the operation column of the target row

Prerequisite:

  • Already Logged in to the Cloud Log Service
  • Is the creator of the target resource (only the creator can see the Function Authorization entry)

Default Permissions and Revocation Rules

Default Permissions:

  • The main account can view all resources (including Data Access, Consumption Tasks, and Upload Targets), but can only edit those it has created
  • Sub-accounts can only view and edit resources they have created themselves or those they have been authorized to access
  • Native platform data is shared among all accounts; third-party data is only available to the creator by default and must be authorized through Data Access Authorization for use by other accounts
  • The main account has usage permission for Upload Targets by default

Permission Revocation Handling:

Authorizations are not unidirectional; please note the following impacts when revoking permissions:

Revocation Target Revocation Handling
Data Ingestion If the authorized party has already created a consumption task using this log, you cannot directly revoke it; please delete the corresponding downstream task first
Data Consumption - Task Permissions The authorized party will not be able to see, edit, pause, or start the task
Data Consumption - Data Permissions The authorized party will no longer see the data table under [Dashboard - Data Sources - Log Analysis Data Sources]; any charts in the dashboard that utilize this table will not be able to query data
Data Consumption - Dashboard Permissions If view permission is revoked, the dashboard becomes invisible; if edit permission is revoked, both the dashboard and its datasets become inaccessible
Upload Destination The upload tasks that have already used this destination will not be affected; only newly created tasks will be impacted
이 문서의 내용이 도움이 되었습니까?
아니오
정상적으로 제출되었습니다.피드백을 주셔서 감사합니다.앞으로도 개선을 위해 노력하겠습니다.