Help Center> Log Tank Service> Service Overview> Permissions Management
View PDF

Permissions Management

If you need to assign different permissions to employees in your enterprise to access your LTS resources, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your LTS resources.

With IAM, you can use your HUAWEI CLOUD account to create IAM users for your employees, and assign permissions to the users to control their access to LTS resources. For example, some software developers in your enterprise need to use LTS resources but should not delete them or perform other high-risk operations. In this case, you can create IAM users for the software developers and grant them only the permissions required.

If your HUAWEI CLOUD account does not need individual IAM users for permissions management, you may skip over this section.

IAM can be used for free. You pay only for the resources in your account.

LTS Permissions

By default, new IAM users do not have permissions assigned. You need to add users to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.

LTS is a project-level service deployed and accessed in specific physical regions. To assign LTS permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing LTS, the users need to switch to a region where they have been authorized to use LTS.

Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, you can grant Elastic Cloud Server (ECS) users only the permissions for managing a certain type of ECSs. Most policies define permissions based on APIs.

The system permissions supported by LTS are listed in Table 1.

Table 1 LTS system permissions

Name

Description

Type

LTS FullAccess

Full permissions for LTS. Users with these permissions can perform operations on LTS.

System-defined policy

LTS ReadOnlyAccess

Read-only permissions for LTS. Users with these permissions can only view LTS data.

System-defined policy

LTS Administrator

Administrator permissions for LTS.

System-defined role

Table 2 lists the common operations supported by each system-defined policy or role of LTS. Choose the appropriate policies or roles as required.

Table 2 Common operations supported by each system-defined policy or role

Operation

LTS FullAccess

LTS ReadOnlyAccess

LTS Administrator

Querying a log group

Creating a log group

×

Modifying a log group

×

Deleting a log group

×

Querying a log stream

Creating a log stream

×

Modifying a log stream

×

Deleting a log stream

×

Configuring log collection from hosts

×

Viewing a dashboard

Creating a dashboard

×

Modifying a dashboard

×

Deleting a dashboard

×

Querying the configuration of log structuring

Configuring log structuring

×

Enabling quick analysis

×

Disabling quick analysis

×

Enabling LogReduce

×

Disabling LogReduce

×

Configuring delimiters

×

Querying a filter

Creating a filter

×

Disabling a filter

×

Enabling a filter

×

Deleting a filter

×

Querying an alarm rule

Creating an alarm rule

×

Modifying an alarm rule

×

Deleting an alarm rule

×

Viewing a log transfer task

Creating a log transfer task

×

Modifying a log transfer task

×

Deleting a log transfer task

×

Enabling a log transfer task

×

Disabling a log transfer task

×

Installing ICAgent

×

Upgrading ICAgent

×

Uninstalling ICAgent

×