Cloud Services that Support Resource-Level Authorization Using IAM
If you want to grant an IAM user permissions for specific resources, create a custom policy that contains permissions for the resources, and attach the policy to the user. The user then only has the permissions for the specified resources. For example, to grant an IAM user permissions for buckets whose names start with TestBucket, create a custom policy, specify the resource path as OBS:*:*:bucket:TestBucket*, and attach the policy to the user.
The following table lists the cloud services that support resource-level authorization and the supported resource types.
Service |
Resource Type |
Resource Name |
---|---|---|
Elastic Cloud Server (ECS) |
instance |
ECS |
Elastic Volume Service (EVS) |
volume |
EVS disk |
bucket |
Bucket |
|
object |
Object |
|
Virtual Private Cloud (VPC) |
publicip |
EIP |
Software Repository for Container (SWR) |
chart |
Chart |
repository |
Repository |
|
instance |
Instance |
|
queue |
DLI queue |
|
database |
DLI database |
|
table |
DLI table |
|
column |
DLI column |
|
datasourceauth |
DLI security authentication information |
|
jobs |
DLI job |
|
resource |
Resource package |
|
elasticresourcepool |
Elastic resource pool |
|
group |
Resource package group |
|
Graph Engine Service (GES) |
graphName |
GES graph name |
backupName |
GES backup name |
|
metadataName |
Metadata name |
|
function |
Function |
|
trigger |
Trigger |
|
KeyId |
Key ID |
|
cluster |
Cluster |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.