- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- My Dashboards
- Resource Groups
- Using the Alarm Function
-
Server Monitoring
- Introduction to Server Monitoring
- Agent Installation and Configuration
- Agent Features per Version
- Installing and Configuring the Agent on a Linux ECS or BMS
- Installing and Configuring the Agent on a Windows ECS
- Installing the Agents in Batches on Linux ECSs
- Managing the Agent
- Installing the GPU Metrics Collection Plug-in (Linux)
- Installing the Direct Connect Metric Collection Plug-ins
- Process Monitoring
- Viewing Server Monitoring Metrics
- Creating an Alarm Rule to Monitor a Server
- Custom Monitoring
- Event Monitoring
- Task Center
- Data Dump
- Cloud Service Monitoring
- Permissions Management
- Quota Adjustment
- Services Interconnected with Cloud Eye
- Change History
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Getting Started
-
API V1
- API Version Management
- Metrics
-
Alarm Rules
- Querying Alarm Rules
- Querying Details of an Alarm Rule
- Enabling or Disabling an Alarm Rule
- Deleting an Alarm Rule
- Creating an Alarm Rule
- Creating a Custom Alarm Template
- Deleting a Custom Alarm Template
- Querying the Alarm History of an Alarm Rule
- Querying Custom Alarm Templates
- Updating a Custom Alarm Template
- Modifying an Alarm Rule
- Monitoring Data
- Quotas
- Resource Groups
- Event Monitoring
-
API V2
- Alarm Rules
- Resources in an Alarm Rule
- Alarm Policies
- Alarm Notifications
- Alarm Records
- Alarm Templates
- Alarm Rules Associated with an Alarm Template
- Resource Groups
- Resources in a Resource Group
-
One-Click Monitoring
- Enabling One-Click Monitoring
- Querying Services and Resources That Support One-Click Monitoring
- Querying Alarm Rules of One Service in One-Click Monitoring
- Batch Enabling or Disabling Alarm Rules of One Service in One-Click Monitoring
- Batch Disabling One-Click Motoring
- Batch Modifying Alarm Notifications in Alarm Rules for One Service That Has One-Click Monitoring Enabled
- Batch Enabling or Disabling Alarm Policies in Alarm Rules for One Service That Has One-Click Monitoring Enabled
-
Alarm Notification Masking
- Creating Alarm Notification Masking Rules in Batches
- Modifying the Masking Time of Alarm Notification Masking Rules in Batches
- Modifying an Alarm Notification Masking Rule
- Deleting Alarm Notification Masking Rules in Batches
- Querying Alarm Notification Masking Rules
- Querying Resources for Which Alarm Notifications Have Been Masked
- Dashboards
- Graphs
- Resource Tags
- Metric Management
- API V3
-
Permissions Policies and Supported Actions
- Introduction
- Supported Actions of the API Version Management APIs
- Supported Actions of the Metric Management API
- Supported Actions of the Alarm Rule Management APIs
- Supported Actions of the Monitoring Data Management APIs
- Supported Actions of the Quota Management API
- Supported Actions of the Event Monitoring API
- Common Parameters
- Appendix
- Change History
- SDK Reference
-
FAQs
- General Consulting
-
Server Monitoring
- How Does the Cloud Eye Agent Obtain a Temporary AK/SK by Authorization?
- How Can I Quickly Restore the Agent Configuration?
- How Can I Ensure that a Newly Purchased ECS Comes with the OS Monitoring Function?
- Why Is a BMS with the Agent Installed Displayed in the ECS List on the Server Monitoring Page?
- What OSs Does the Agent Support?
- What Statuses Does the Agent Have?
- What Should I Do If the Monitoring Period Is Interrupted or the Agent Status Keeps Changes?
- What Should I Do If the Service Port Is Used by the Agent?
- What Should I Do If the Agent Status Is Faulty?
-
Alarm Notifications or False Alarms
- What Is an Alarm Notification? How Many Types of Alarm Notifications Are There? How Can I Configure an Alarm Notification?
- What Alarm Status Does Cloud Eye Support?
- What Alarm Severities Does Cloud Eye Support?
- When Will an "Insufficient data" Alarm Be Triggered?
- How Do I Monitor and View the Disk Usage?
- How Can I Change the Phone Number and Email Address for Receiving Alarm Notifications?
- How Can a User Account Receive Alarm Notifications?
- Why Did I Receive a Bandwidth Overflow Notification While There Being No Bandwidth Overflow Record in the Monitoring Data?
-
Monitored Data Exceptions
- Why Is the Monitoring Data Not Displayed on the Cloud Eye Console?
- Why I Cannot See the Monitoring Data on the Cloud Eye Console After Purchasing Cloud Service Resources?
- Why Doesn't the Cloud Eye Console Display the OS Monitoring Data or Why Isn't the Data Displayed Immediately After the Agent Is Installed and Configured on an ECS?
- Why Is Basic Monitoring Data Inconsistent with Data Monitored by the OS?
- Why Are the Network Traffic Metric Values in Cloud Eye Different from Those Detected in ECS?
- Why Is the Metric Collection Point Lost During Certain Periods of Time?
- Why Are the Four Metrics Memory Usage, Disk Usage, Inband Incoming Rate, and Inband Outgoing Rate Not Displayed for an ECS?
- What Are the Impacts on ECS Metrics If UVP VMTools Is Not Installed on ECSs?
-
User Permissions
- What Should I Do If the IAM Account Permissions Are Abnormal?
- What Can I Do If the System Displays a Message Indicating Insufficient Permissions When I Access Cloud Eye?
- What Can I Do If the System Displays a Message Indicating Insufficient Permissions When I Click Configure on the Server Monitoring Page?
- Videos
Show all
Introduction
This chapter describes fine-grained permissions management for your Cloud Eye. If your Huawei Cloud account does not need individual IAM users, then you may skip over this chapter.
Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the user can perform specified operations on Cloud Eye based on the permissions. For details, see Permissions Management.
You can grant users permissions by using roles and policies. A policy consists of permissions for an entire service. Users with such a policy assigned are granted all of the permissions required for that service. Policies define API-based permissions for operations on specific resources, allowing for more fine-grained, secure access control of cloud resources.
NOTE:
If you want to allow or deny the access to an API, use policies for authorization.
An account has permissions to call all APIs. An IAM user under the account can call specific APIs only after being assigned the required permissions. The permissions required for calling an API are determined by the actions supported by the API. Only users who have been granted permissions allowing the actions can call the API successfully. For example, if an IAM user queries the alarm rule list using an API, the user must have been granted permissions that allow the ces:alarms:list action.
Supported Actions
Cloud Eye provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies:
- Permissions: Defined by actions in a custom policy.
- Actions: Added to a custom policy to control permissions for specific operations.
- Related actions: Actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the dependent actions.
- Authorization Scope: A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM. Such policies will not take effect if they are assigned to user groups in Enterprise Management.
- APIs: REST APIs that can be called in a custom policy
Cloud Eye supports the following actions that can be defined in custom policies:
NOTE:
√ indicates that the item is supported, and × indicates that the item is not supported.
Supported Actions of the API Version Management APIs
Supported Actions of the Metric Management API
Supported Actions of the Alarm Rule Management APIs
Supported Actions of the Monitoring Data Management APIs
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
