Allowing or Disallowing Access to Cloud Assets
This section describes how to grant or revoke permissions for accessing OBS buckets, databases, big data, LTS, and MRS, as well as the asset map feature. The system will create an agency for you to use DSC.
Prerequisites
You have added the obtained account to the user group that has been assigned with the DSC FullAccess permission. For details, see Creating a User and Assigning DSC Permissions.
Constraints
- After permissions are granted, DSC will be able to access your OBS buckets, databases, big data instances, and other cloud assets as needed.
After DSC is granted permissions for accessing the OBS bucket to obtain the logs, fees are incurred. For details, see Requests.
- After the permissions are revoked, ensure that your assets have no ongoing tasks. DSC will delete your agencies and assets and all related data. Exercise caution when performing this operation.
Agency Policies Obtained After Access to Assets Is Allowed
Asset |
Policy |
Scope |
Remarks |
---|---|---|---|
OBS |
OBS Administrator |
Global |
Used to configure OBS logs, obtain the OBS object list, download OBS objects, and obtain OBS delivery logs. |
EVS ReadOnlyAccess |
Regional |
Used to obtain the EVS disk list. |
|
Database |
ECS ReadOnlyAccess |
Regional |
Used to obtain the list of ECSs where databases are built. |
RDS ReadOnlyAccess |
Regional |
Used to obtain the RDS database list and related information. |
|
DWS ReadOnlyAccess |
Regional |
Used to obtain the DWS instance list. |
|
VPC FullAccess |
Regional |
Used to establish network connection and create VPC ports and security group rules |
|
KMS CMKFullAccess |
Regional |
Used to perform encryption using KMS in data masking. |
|
GaussDB ReadOnlyAccess |
Regional |
Used to obtain the GaussDB list. |
|
Big Data |
ECS ReadOnlyAccess |
Regional |
Used to obtain the list of ECSs where big data sources reside. |
CSS ReadOnlyAccess |
Regional |
Used to obtain the CSS data cluster list and data indexes. |
|
DLI Service User |
Regional |
Used to obtain the DLI queue and database. |
|
VPC FullAccess |
Regional |
Used to establish network connection and create VPC ports and security group rules |
|
KMS CMKFullAccess |
Regional |
Used to perform encryption using KMS in data masking. |
|
MRS |
MRS CommonOperations |
Regional |
Used for cluster query and task creation. |
Asset Map |
Tenant Guest |
Regional |
Used to obtain the list of cloud services used for data storage and processing. |
OBS Administrator |
Global |
Used to configure OBS logs, obtain the OBS bucket list, and download items form OBS. |
|
EVS ReadOnlyAccess |
Regional |
Used to obtain the EVS disk list. |
|
OBS Administrator |
Global |
Used for OBS to deliver logs. |
|
LTS |
LTS ReadOnlyAccess |
Regional |
Used to read LTS log groups or log streams. |
Procedure
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click and choose , then go to the Asset Map page.
- In the upper left corner of the Asset Map page, click Modify. The Allow Access to Cloud Assets page is displayed.
- On the displayed page, allow or disallow DSC to access your cloud assets. For details, see Table 2.
Figure 1 Allowing access to cloud assets
Table 2 Parameter description Parameter
Description
Assets
- OBS
- Database: For details about the database types and versions supported by DSC, see Constraints.
- Big Data: assets in Cloud Search Service (CSS), Data Lake Insight (DLI), Hive, and HBase
- MRS: assets in MapReduce Service (MRS).
- Asset Map: assets on the cloud.
- LTS: assets in Log Tank Service (LTS).
Agency Policies Obtained After Access to Assets Is Allowed describes the agency policies obtained after the access to assets is allowed.
Authorization Status
Authorization Status- Authorized
- Unauthorized
Operation
Click the following toggle buttons to allow or disallow access to your assets:- : Unauthorized
- : Authorized
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.