- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Overview
- Permissions Management
- Basics of Docker
-
Image Management
- Pushing an Image Through a Container Engine Client
- Obtaining a Long-Term Valid Docker Login Command
- Obtaining a Long-Term Valid containerd Pull/Push Command
- Uploading an Image Through the SWR Console
- Pulling an Image
- Setting Image Attributes
- Sharing Private Images
- Adding a Trigger
- Adding an Image Retention Policy
- Image Center
- Organization Management
- User Permissions
- Auditing
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
API
- Organization Management
- Image Repository Management
- Image Tag Management
- Shared Account Management
- API Versions
- Organization Permission Management
- Image Permission Management
- Automatic Image Synchronization Task Management
- Trigger Management
- Image Retention Policy Management
- Temporary Login Command
- Quota Management
- Example Applications
- Appendixes
- Change History
- FAQs
- Videos
- SDK Reference
Show all
Access Control
Access Mode
A bunch of tools, including console, command line tools, APIs, and SDKs, are provided for you to access SWR. No matter which method you use, you are accessing SWR through REST APIs.
The SWR APIs support both authenticated and anonymous requests. There will usually be anonymous requests in the scenarios that require public access, for example, accessing a hosted static website. In most cases, requests for SWR resources must be authenticated. An authenticated request must contain a signature value. The signature value is calculated based on the requestor's access keys (AK/SK) as the encryption factor and the specific information carried in the request body. AK/SK authentication uses AK/SK-based encryption to authenticate a request sender. For details about an AK/SK and how to obtain one, see Obtaining a Long-Term Valid Login Command.
Control Policy
Users' access to SWR in any mode is restricted by the SWR access control policy. Currently, SWR supports the following control policies:
|
Access Mode |
Description |
Reference |
|
|---|---|---|---|
|
Permissions control |
IAM permissions |
IAM permissions define which actions on your cloud resources are allowed and which actions are denied, to control access to your resources. After an IAM user is created, the administrator adds it to a user group. The administrator can assign the user group required SWR access permissions and all users in this group then inherit the assigned permissions. |
|
|
Image permissions |
The image permissions refer to the permissions to read, edit, and manage an image. In addition to assigning permissions to users in IAM, the administrator can add, modify, and delete permissions for IAM users in the image details page on SWR console. |
||
|
Organization permissions |
Organizations enable efficient management of images. Organizations are used to isolate image repositories. With each organization being limited to one company or department, images can be managed in a centralized and efficient manner. An image name needs to be unique within an organization. An IAM user can join different organizations. |
||
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
