Viewing the Notebook Instances of All IAM Users Under One Tenant Account
Any IAM user granted with the listAllNotebooks and listUsers permissions can click View all on the notebook page to view the instances of all IAM users in the current IAM project.
Users granted with these permissions can also access OBS and SWR of all users in the current IAM project.
Assigning the Required Permissions
- Log in to the ModelArts management console as a tenant user, hover the cursor over your username in the upper right corner, and choose Identity and Access Management from the drop-down list to switch to the IAM management console.
- On the IAM console, choose Permissions > Policies/Roles from the navigation pane, click Create Custom Policy in the upper right corner, and create two policies.
Policy 1: Create a policy that allows users to view all notebook instances of an IAM project, as shown in Figure 1.
- Policy Name: Enter a custom policy name, for example, Viewing all notebook instances.
- Policy View: Select Visual editor.
- Policy Content: Select Allow, ModelArts Service, modelarts:notebook:listAllNotebooks, and default resources.
Policy 2: Create a policy that allows users to view all users of an IAM project.
- Policy Name: Enter a custom policy name, for example, Viewing all users of the current IAM project.
- Policy View: Select Visual editor.
- Policy Content: Select Allow, Identity and Access Management, iam:users:listUsers, and default resources.
- In the navigation pane, choose User Groups. Then, click Authorize in the Operation column of the target user group. On the Authorize User Group page, select the custom policies created in 2, and click Next. Then, select the scope and click OK.
After the configuration, all users in the user group have the permission to view all notebook instances created by users in the user group.
If no user group is available, create a user group, add users using the user group management function, and configure authorization. If the target user is not in a user group, you can add the user to a user group through the user group management function.
Starting Notebook Instances of Other IAM Users
If an IAM user wants to access another IAM user's notebook instance through remote SSH, they need to update the SSH key pair to their own. Otherwise, error ModelArts.6789 will be reported. For details about how to update a key pair, see Modifying the SSH Configuration for a Notebook Instance.
Erro message: ModelArts.6789: Failed to use SSH key pair KeyPair-xxx. Update the key pair and try again later.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.