- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Managing Public Images
-
Creating a Private Image
- Introduction
- Creating a System Disk Image from a Windows ECS
- Creating a System Disk Image from a Linux ECS
- Creating a Windows System Disk Image from an External Image File
- Creating a Linux System Disk Image from an External Image File
- Creating a BMS System Disk Image
- Creating a Data Disk Image from an ECS
- Creating a Data Disk Image from an External Image File
- Creating a Full-ECS Image from an ECS
- Creating a Full-ECS Image from a CSBS Backup
- Creating a Full-ECS Image from a CBR Backup
- Creating a Windows System Disk Image from an ISO File
- Creating a Linux System Disk Image from an ISO File
- Importing an Image
- Fast Import of an Image File
-
Managing Private Images
- Modifying an Image
- Exporting Image List
- Checking the Disk Capacity of an Image
- Creating an ECS from an Image
- Deleting Images
- Sharing Images
- Exporting an Image
- Optimizing a Windows Private Image
-
Optimizing a Linux Private Image
- Optimization Process
- Checking Whether a Private Image Needs to be Optimized
- Uninstalling PV Drivers from a Linux ECS
- Changing the Disk Identifier in the GRUB Configuration File to UUID
- Changing the Disk Identifier in the fstab File to UUID
- Installing Native Xen and KVM Drivers
- Installing Native KVM Drivers
- Clearing System Logs
- Encrypting Images
- Replicating Images Within a Region
- Replicating Images Across Regions
- Tagging an Image
- Auditing Key Operations
- Windows Operations
- Linux Operations
- Permissions Management
-
Best Practices
- Overview
- Creating a Linux Image Using VirtualBox and an ISO File
- Cleaning Up the Disk Space of a Windows ECS
- Converting the Image Format
- Creating a Private Image Using Packer
- Configuring an ISO File as a Local Image Source
- Migrating Service Data Across Accounts (Data Disks)
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Getting Started
- IMS APIs
-
Native OpenStack APIs
-
Image (Native OpenStack APIs)
- Querying Images (Native OpenStack API)
- Querying Image Details (Native OpenStack API)
- Updating Image Information (Native OpenStack API)
- Uploading an Image (Native OpenStack API)
- Deleting an Image (Native OpenStack API)
- Creating Image Metadata (Native OpenStack API)
- Deleting an Image (Native OpenStack API v1.1 - Abandoned and Not Recommended)
- Querying Image Metadata (Native OpenStack API v1 - Abandoned and Not Recommended)
- Querying Image Details (Native OpenStack API v1.1 - Abandoned and Not Recommended)
- Image Tagging (Native OpenStack APIs)
- Image Schema (Native OpenStack APIs)
- Image Sharing (Native OpenStack APIs)
- API Version Query (Native OpenStack API)
-
Image (Native OpenStack APIs)
- Examples
- Permission Policies and Supported Actions
- Common Parameters
- Status Codes
- Error Codes
- SDK Reference
-
FAQs
-
Image Consulting
- Basic Concepts
- How Do I Select an Image?
- Are There Any Public Images Already Containing Certain Applications, Such as OpenVPN or PyTorch?
- How Do I Increase the Image Quota?
- What Are the Differences Between Images and Backups?
- Can I Tailor an Image?
- How Can I Back Up the Current Status of an ECS for Restoration in the Case of a System Fault?
- How Can I Apply a Private Image to an Existing ECS?
- Can I Import Data from a Data Disk Image to a Data Disk?
- Can I Use Private Images of Other Accounts?
- End-of-Support for OSs
-
Image Creation
- General Creation FAQs
- Full-ECS Image FAQs
- How Can I Use a Backup to Create an EVS Disk or ECS?
- Is There Any Difference Between the Image Created from a CSBS/CBR Backup and That Created from an ECS?
- Why Can't I Find an ISO Image When I Want to Use It to Create an ECS or Change the OS of an ECS?
- How Do I Create a Full-ECS Image Using an ECS That Has a Spanned Volume?
- Why Is Sysprep Required for Creating a Private Image from a Windows ECS?
- How Do I Handle the Startup Failure of a Windows ECS Created from a Windows Image Generalized by Sysprep?
- What Do I Do If I Cannot Create an Image in ZVHD2 Format Using an API?
- Image Sharing
- OS
-
Image Import
- Can I Use Images in Formats not Described in This Document?
- What Are the Impacts If I Do Not Pre-configure an ECS Used to Create a Private Image?
- How Do I Import an OVF or OVA File to the Cloud Platform?
- What Do I Do If I Chose the Wrong OS or System Disk Capacity When Registering a Private Image?
- Why Did My VHD Upload Fail? Why Does the System Say the System Disk in the VHD Image File Is Larger Than What I Specified on the Management Console?
-
Image Export
- Can I Download My Private Images to a Local PC?
- Can I Use the System Disk Image of an ECS on a BMS After I Export It from the Cloud Platform?
- Why Is the Image Size in an OBS Bucket Different from That Displayed in IMS?
- Can I Download a Public Image to My PC?
- What Are the Differences Between Import/Export and Fast Import/Export?
- Why the Export Option Is Unavailable for My Image?
-
Image Optimization
- Must I Install Guest OS Drivers on an ECS?
- Why Do I Need to Install and Update VirtIO Drivers for Windows?
- What Will the System Do to an Image File When I Use the File to Register a Private Image?
- How Do I Configure an ECS, a BMS, or an Image File Before I Use It to Create an Image?
- What Do I Do If a Windows Image File Is Not Pre-Configured When I Use It to Register a Private Image?
- What Do I Do If a Linux Image File Is Not Pre-Configured When I Use It to Register a Private Image?
- How Do I Enable NIC Multi-Queue for an Image?
- How Do I Configure an ECS to Use DHCPv6?
- How Do I Clean Up the Disk Space of a Windows ECS?
- How Do I Make a System Disk Image Support Fast ECS Creation?
- Why Did I Fail to Install Guest OS Drivers on a Windows ECS?
- How Do I Install Native Xen and KVM Drivers?
- Image Replication
- Image Deletion
- Image Encryption
- Accounts and Permissions
- Cloud-Init
-
ECS Creation
- Can I Change the Image of a Purchased ECS?
- Can I Change the Specifications Defined by a Private Image When I Use the Image to Create an ECS?
- Can I Specify the System Disk Capacity When I Create an ECS Using an Image?
- What Do I Do If a Partition Is Not Found During the Startup of an ECS Created from an Imported Private Image?
- What Do I Do If the Disks of a CentOS ECS Created from an Image Cannot Be Found?
- What Do I Do If I Enabled Automatic Configuration During Image Registration for an ECS Created from a Windows Image and Now It Won't Start?
- What Do I Do If an Exception Occurs When I Start an ECS Created from an Image Using UEFI Boot?
- Billing
-
Image Consulting
- Videos
Show all
Permissions
If you need to assign different permissions to personnel in your enterprise to access your images, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your resources.
With IAM, you can create IAM users and assign permissions to control their access to specific resources. For example, if you want some software developers in your enterprise to use images but do not want them to delete the images or perform any other high-risk operations, you can create IAM users and grant permission to use the images but not permission to delete them.
If your account does not require individual IAM users for permissions management, you can skip this section.
IAM is a free service. You pay only for the resources in your account. For more information about IAM, see What Is IAM?
IMS Permissions
New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and attach policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.
IMS is a project-level service deployed for specific regions. When you set Scope to Region-specific projects and select the specified projects in the specified regions, the users only have permissions for images in the selected projects. If you set Scope to All resources, the users have permissions for images in all region-specific projects. When accessing IMS, the users need to switch to the authorized region.
You can grant permissions by using roles and policies.
- Roles: A coarse-grained authorization strategy provided by IAM to assign permissions based on users' job responsibilities. Only a limited number of service-level roles are available for authorization. Cloud services depend on each other. When you grant permissions using roles, you also need to attach any existing role dependencies. Roles are not ideal for fine-grained authorization and least privilege access.
Table 1 System-defined IMS roles Role
Description
Dependencies
IMS Administrator
Administrator permissions for IMS
This role depends on the Tenant Administrator role.
Server Administrator
Permissions for creating, deleting, querying, modifying, and uploading images
This role depends on the IMS Administrator role in the same project.
- Policies (recommended): A fine-grained authorization strategy that defines permissions required to perform operations on specific cloud resources under certain conditions. This type of authorization is more flexible and is ideal for least privilege access. For example, you can grant users only the permission to manage images of a certain type.
A majority of fine-grained policies contain permissions for specific APIs, and permissions are defined using API actions. For the API actions supported by IMS, see Permissions and Supported Actions.
Table 2 System-defined policies for IMS Policy
Description
Dependencies
IMS FullAccess
All permissions for IMS
None
IMS ReadOnlyAccess
Read-only permissions for IMS. Users with these permissions can only view IMS data.
None
Table 3 lists the common operations supported by system-defined permissions for IMS.
Helpful Links
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.