Help Center/ Data Security Center/ FAQs/ Asset Authorization/ Agency Policies Obtained After the Access To Assets Is Allowed
Updated on 2024-10-09 GMT+08:00

Agency Policies Obtained After the Access To Assets Is Allowed

After the access to cloud resources is allowed, DSC can access your OBS buckets, databases, big data assets, and asset map. Table 1 describes the agency policies obtained after the access is allowed.

Table 1 Agency policies

Asset

Policy

Scope

Remarks

OBS

OBS Administrator

Global

Used to configure OBS logs, obtain the OBS bucket list, and download items form OBS.

EVS ReadOnlyAccess

Regional

Used to obtain the EVS disk list.

OBS Administrator

Global

Used to obtain the logs delivered by OBS.

Database

ECS ReadOnlyAccess

Regional

Used to obtain the list of ECSs where databases are built.

RDS ReadOnlyAccess

Regional

Used to obtain the RDS database list and related information.

DWS ReadOnlyAccess

Regional

Used to obtain the DWS instance list.

VPC FullAccess

Regional

Used to establish network connection and create VPC ports and security group rules

KMS CMKFullAccess

Regional

Used to perform encryption using KMS in data masking.

GaussDB ReadOnlyAccess

Regional

Used to obtain the GaussDB list.

Big Data

ECS ReadOnlyAccess

Regional

Used to obtain the list of ECSs where big data sources reside.

CSS ReadOnlyAccess

Regional

Used to obtain the CSS data cluster list and data indexes.

DLI Service User

Regional

Used to obtain the DLI queue and database.

VPC FullAccess

Regional

Used to establish network connection and create VPC ports and security group rules.

KMS CMKFullAccess

Regional

Used to perform encryption using KMS in data masking.

MRS

MRS CommonOperations

Regional

Used for cluster query and task creation.

Asset Map

Tenant Guest

Regional

Used to obtain the list of cloud services used for data storage and processing.

OBS Administrator

Global

Used to configure OBS logs, obtain the OBS bucket list, and download items form OBS.

EVS ReadOnlyAccess

Regional

Used to obtain the EVS disk list.

OBS Administrator

Global

Used for OBS to deliver logs.

LTS

LTS ReadOnlyAccess

Region

Used to read LTS log groups or log streams.