Permissions Management
IAM provides identity authentication, permissions management, and access control. It is a good choice for fine-grained permissions management if you need to assign different permissions for accessing your RES resources to different employees in your enterprise.
With IAM, you can use your HUAWEI CLOUD account to create IAM users for your employees, and assign them permissions for accessing specific resource types. For example, software developers in your enterprise may need to be able to use RES resources but must not be able to delete them or perform any high-risk operations. To achieve this, you can create IAM users for the software developers and grant them only the permissions for using RES resources.
If your HUAWEI CLOUD account does not need individual IAM users for permissions management, you may skip over this chapter.
IAM can be used free of charge. You pay only for the resources in your account. For more information on IAM, see the IAM Service Overview.
RES Permissions
By default, new IAM users do not have permissions assigned. You need to add users to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added. After authorization, users can perform operations on RES specified by their permissions.
RES is a project-level service deployed and accessed in specific physical regions. To assign RES permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect on. If you select All projects, the permissions will take effect for the user group in all region-specific projects. When accessing RES, users need to switch to a region where they have been authorized to use cloud services.
You can grant users permissions by using roles and policies.
- Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to grant permissions, you also need to assign any other roles that those permissions depend on for them to take effect. Roles are not an ideal choice for fine-grained authorization and secure access control.
- Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, you can grant ECS users only the permissions for managing a certain type of ECS. Most policies define permissions based on APIs. For the API actions supported by RES, see the Permissions Policies and Supported Actions.
Table 1 lists all the system-defined roles and policies supported by RES.
| System Policy Name | Description | Category |
|---|---|---|
| RES FullAccess | Administrator permissions for RES. Users granted these permissions can operate and use all RES resources. | System-defined policy |
| RES ReadOnlyAccess | Read-only permissions for RES. Users granted these permissions can only view RES data. | System-defined policy |
Table 2 lists the common operations supported by each system policy of RES. Select appropriate system policies according to this table.
| Operation | RES FullAccess | RES ReadOnlyAccess |
|---|---|---|
| Creating a Workspace | √ | x |
| Querying the Details About a Workspace | √ | √ |
| Querying the List of Workspaces | √ | √ |
| Modifying a Workspace | √ | x |
| Deleting a Workspace | √ | x |
| Adding a Data Source | √ | x |
| Querying the Details of a Data Source | √ | √ |
| Querying the List of Data Sources | √ | √ |
| Modifying a Data Source | √ | x |
| Deleting a Data Source | √ | x |
| Creating a Scenario | √ | x |
| Querying a Scenario | √ | √ |
| Querying the List of Scenarios | √ | √ |
| Modifying a Scenario | √ | x |
| Deleting a Scenario | √ | x |
| Running a Scenario | √ | x |
| Creating a Job | √ | x |
| Querying job details | √ | √ |
| Querying job lists | √ | √ |
| Modifying a Job Operator | √ | x |
| Deleting jobs | √ | x |
| Running a Job | √ | x |