Help Center/ Graph Engine Service/ User Guide/ Permissions Management/ Policy Permissions/ System-Defined Policies
Updated on 2024-01-03 GMT+08:00
View PDF

System-Defined Policies

Table 1 GES system-defined policies

Policy Name

Description

GES FullAccess

Permissions for all operations on GES, including creating, deleting, accessing, and updating graphs.

NOTE:
  • Users with the permissions of this policy also need the following policy permissions granted: Tenant Guest, Server Administrator, and VPC Administrator.
  • To use resources stored on OBS for other services, you need the OBS OperateAccess permission. OBS is a global service. You can find the corresponding OBS policy in the Global service project scope.

GES Development

Operator permissions for all operations except creating, deleting, resizing, and expanding graphs.

NOTE:
  • To use resources stored on OBS for other services, you need the OBS OperateAccess permission. OBS is a global service. You can find the corresponding OBS policy in the Global service project scope.

GES ReadOnlyAccess

Read-only permissions for viewing resources, such as graphs, metadata, and backup data.

NOTE:

To use resources stored on OBS for other services, you need the OBS OperateAccess permission. OBS is a global service. You can find the corresponding OBS policy in the Global service project scope.

It takes about 13 minutes for an OBS role to take effect after being applied to a user or group. A policy takes about 5 minutes.

Table 2 Common operations supported by each system-defined policy

Operation

GES FullAccess

GES Development

GES ReadOnlyAccess

Resource

Querying the graph list

Yes

Yes

Yes

-

Querying graph details

Yes

Yes

Yes

graphName

Creating graphs

Yes

No

No

graphName

Accessing graphs

Yes

Yes

No

graphName

Stopping graphs

Yes

Yes

No

graphName

Starting graphs

Yes

Yes

No

graphName

Deleting graphs

Yes

No

No

graphName

Importing Incremental data to graphs

Yes

Yes

No

graphName

Exporting graphs

Yes

Yes

No

graphName

Clearing graphs

Yes

Yes

No

graphName

Upgrading graphs

Yes

Yes

No

graphName

Resizing a Graph

No

No

graphName

Expanding a Graph

No

No

graphName

Restarting a Graph

Yes

No

graphName

Binding EIPs

Yes

Yes

No

graphName

Unbinding an EIP

Yes

Yes

No

graphName

Querying backups of all graphs

Yes

Yes

Yes

-

Querying backups of a graph

Yes

Yes

Yes

-

Adding backups

Yes

Yes

No

backupName

Deleting a graph backup

Yes

Yes

No

backupName

Querying the metadata list

Yes

Yes

Yes

-

Querying metadata

Yes

Yes

Yes

metadataName

Verifying metadata

Yes

Yes

No

-

Adding metadata

Yes

Yes

No

metadataName

Deleting metadata

Yes

Yes

No

metadataName

Querying task statuses

Yes

Yes

Yes

-

Querying the task list

Yes

Yes

Yes

-

Configuring fine-grained permissions

Yes

No

-

Configuring user groups

Yes

No

-

Importing IAM users

Yes

No

-

Viewing user details

Yes

Yes

-
Parent topic: Policy Permissions