Access Control
Access Mode
A bunch of tools, including console, command line tools, APIs, and SDKs, are provided for you to access SWR. No matter which method you use, you are accessing SWR through REST APIs.
The SWR APIs support both authenticated and anonymous requests. There will usually be anonymous requests in the scenarios that require public access, for example, accessing a hosted static website. In most cases, requests for SWR resources must be authenticated. An authenticated request must contain a signature value. The signature value is calculated based on the requestor's access keys (AK/SK) as the encryption factor and the specific information carried in the request body. AK/SK authentication uses AK/SK-based encryption to authenticate a request sender. For details about an AK/SK and how to obtain one, see Obtaining a Long-Term Valid Login Command.
Control Policy
Users' access to SWR in any mode is restricted by the SWR access control policy. Currently, SWR supports the following control policies:
Access Mode |
Description |
Reference |
|
---|---|---|---|
Permissions control |
IAM permissions |
IAM permissions define which actions on your cloud resources are allowed and which actions are denied, to control access to your resources. After an IAM user is created, the administrator adds it to a user group. The administrator can assign the user group required SWR access permissions and all users in this group then inherit the assigned permissions. |
|
Image permissions |
The image permissions refer to the permissions to read, edit, and manage an image. In addition to assigning permissions to users in IAM, the administrator can add, modify, and delete permissions for IAM users in the image details page on SWR console. |
||
Organization permissions |
Organizations enable efficient management of images. Organizations are used to isolate image repositories. With each organization being limited to one company or department, images can be managed in a centralized and efficient manner. An image name needs to be unique within an organization. An IAM user can join different organizations. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.