Help Center/ Identity and Access Management/ User Guide/ Permissions Management/ Custom Policies/ Cloud Services that Support Resource-Level Authorization Using IAM
Updated on 2024-01-05 GMT+08:00

Cloud Services that Support Resource-Level Authorization Using IAM

If you want to grant an IAM user permissions for specific resources, create a custom policy that contains permissions for the resources, and attach the policy to the user. The user then only has the permissions for the specified resources. For example, to grant an IAM user permissions for buckets whose names start with TestBucket, create a custom policy, specify the resource path as OBS:*:*:bucket:TestBucket*, and attach the policy to the user.

The following table lists the cloud services that support resource-level authorization and the supported resource types.

Table 1 Cloud services that support resource-level authorization and the supported resource types

Service

Resource Type

Resource Name

Elastic Cloud Server (ECS)

instance

ECS

Elastic Volume Service (EVS)

volume

EVS disk

Object Storage Service (OBS)

bucket

Bucket

object

Object

Virtual Private Cloud (VPC)

publicip

EIP

Software Repository for Container (SWR)

chart

Chart

repository

Repository

instance

Instance

Data Lake Insight (DLI)

queue

DLI queue

database

DLI database

table

DLI table

column

DLI column

datasourceauth

DLI security authentication information

jobs

DLI job

resource

Resource package

elasticresourcepool

Elastic resource pool

group

Resource package group

Graph Engine Service (GES)

graphName

GES graph name

backupName

GES backup name

metadataName

Metadata name

FunctionGraph

function

Function

trigger

Trigger

Data Encryption Workshop (DEW)

KeyId

Key ID

GaussDB(DWS)

cluster

Cluster