Cloud Services that Support Resource-Level Authorization Using IAM
If you want to grant permissions to an IAM user for specific resources, create a custom policy that contains permissions for the resources, and attach the policy to the user. The user then only has the permissions for the specified resources. For example, to grant permissions to an IAM user for buckets whose names start with TestBucket, create a custom policy, specify the resource path as OBS:*:*:bucket:TestBucket*, and attach the policy to the user.
The following table lists the cloud services that support resource-level authorization and the supported resource types.
|
Service |
Resource Type |
Resource Name |
|---|---|---|
|
queue |
DLI queue |
|
|
catalog |
||
|
database |
DLI database |
|
|
table |
DLI table |
|
|
column |
DLI column |
|
|
datasourceauth |
DLI security authentication information |
|
|
jobs |
DLI job |
|
|
resource |
Resource package |
|
|
elasticresourcepool |
Elastic resource pool |
|
|
group |
Resource package group |
|
|
variable |
Global variable |
|
|
cluster |
Cluster |
|
|
Elastic Cloud Server (ECS) |
instance |
ECS |
|
Elastic Volume Service (EVS) |
volume |
EVS disk |
|
function |
Function |
|
|
trigger |
Trigger |
|
|
Graph Engine Service (GES) |
graphName |
GES graph name |
|
backupName |
GES backup name |
|
|
metadataName |
Metadata name |
|
|
KeyId |
Key ID |
|
|
bucket |
Bucket |
|
|
object |
Object |
|
|
Software Repository for Container (SWR) |
chart |
Chart |
|
repository |
Repository |
|
|
instance |
Enterprise edition instance |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
