Authorizing SecMaster
Scenario
SecMaster depends on other cloud services. To make full use of SecMaster, you can authorize it to perform certain operations on those cloud services on your behalf. For example, you can allow SecMaster to execute scheduling tasks and manage resources.
Your authorization is required the first time you try to use SecMaster. The following table lists the permissions you need to assign to SecMaster.
Permission | Description | Assign To | When to Use |
---|---|---|---|
ECS FullAccess | All permissions for ECS | SecMaster_Agency | Used to work with security groups to block source IP addresses, execute playbooks that update security groups, and query ECS details. |
WAF FullAccess | Web Application Firewall (WAF) administrator | SecMaster_Agency | Used to work with WAF blacklists and address groups to block malicious source IP addresses and to check websites protected with WAF for baseline settings. |
SecMaster FullAccess | SecMaster administrator | SecMaster_Agency | Used to perform operations such as alert handling. |
HSS FullAccess | Host Security Service (HSS) administrator | SecMaster_Agency | Used to execute playbooks related to vulnerability management and host isolation, and to obtain the HSS status for servers during baseline inspections. |
EPS ReadOnlyAccess | Read-only permissions for EPS. | SecMaster_Agency | Used to execute WAF-related playbooks and workflows. |
ECS ReadOnlyAccess | Read-only permissions for ECSs. | SecMaster_Agency | Used to query the number of ECSs during subscription and obtain ECS security settings for baseline checks. |
Anti-DDoS ReadOnlyAccess | Read-only permissions for Anti-DDoS. | SecMaster_Agency | Used to obtain Anti-DDoS asset details for baseline checks. |
IAM ReadOnlyAccess | Read-only permissions for IAM. | SecMaster_Agency | Used to obtain credential information during playbook and workflow execution. |
WAF Administrator | WAF administrator, who has all permissions for WAF. | SecMaster_Agency | Used to execute WAF-related playbooks and workflows. |
SMN FullAccess | All permissions for SMN. | SecMaster_Agency | Used to send playbook execution notifications. |
RDS ReadOnlyAccess | Read-only permissions for RDS | SecMaster_Agency | Used to execute playbooks related to asset connections. |
EIP ReadOnlyAccess | Read-only permissions for EIP | SecMaster_Agency | Used to execute asset connection playbooks and obtain EIP configurations for baseline checks. |
Tenant Guest | Read-only permissions for all cloud services (except IAM) | SecMaster_Agency | Used to execute the HTTP plug-in in playbooks. |
NAT ReadOnlyAccess | Read-only permissions for NAT Gateway. | SecMaster_Agency | Used to obtain NAT Gateway information for resource management. |
VPC FullAccess | All permissions for VPC. | SecMaster_Agency | Used to execute asset connection playbooks and isolation workflows, and obtain VPC details for baseline checks. |
OBS OperateAccess | Allows a user to perform basic operations, such as viewing the bucket list, obtaining bucket metadata, listing objects in a bucket, querying bucket location, uploading objects, obtaining objects, deleting objects, and obtaining an object ACL. | SecMaster_Agency | Used to execute alert playbooks and obtain OBS asset details for baseline checks. |
ELB ReadOnlyAccess | Read-only permissions for ELB. | SecMaster_Agency | Used to obtain ELB asset details for baseline checks. |
CFW FullAccess | All permissions for CFW. | SecMaster_Agency | Used to execute preventive playbooks. |
RMS ReadOnlyAccess | Read-only permissions for RMS. | SecMaster_Agency | Used by playbooks that send notifications about critical O&M operations. |
Prerequisites
- The IAM account has been authorized. For details, see How Do I Grant Permissions to an IAM User?
- You have purchased SecMaster.
Procedure
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management.
Figure 1 Workspaces > Management
- (Optional) In the upper part of the workspace management page, click Entrusted Service Authorization - Current Tenant.
The service authorization page is automatically displayed the first time you log in.
- On the page for assigning permissions, select all required permissions (which are selected by default), select Agree to authorize, and click Confirm.