Workspace
Workspace
- Function Overview
- Service Overview
- Getting Started
-
User Guide(Administrator)
- Dashboard
-
Desktop Management
- Managing Desktops
- Viewing Desktops That Fail to Be Created
- Modifying Specifications
- Recomposing a System Disk
- Adding a Disk
- Expanding the Disk Capacity
- Deleting a Disk
- Managing Tags
- Converting a Desktop to an Image
- Configuring a Desktop Network
- Changing the Desktop Billing Mode (from Pay-per-Use to Yearly/Monthly)
- Renewing a Yearly/Monthly-Billed Desktop
- Unsubscribing from a Desktop
-
Desktop Pool Management
- Managing Desktop Pools
- Viewing Desktops That Fail to Be Created in the Desktop Pool
- Modifying Specifications
- Adding a Desktop to a Desktop Pool
- Recomposing a System Disk
- Adding Disks
- Expanding the Disk Capacity
- Deleting Disks
- Creating an Image
- Adding Users or User Groups
- Removing Users or User Groups
- Renewing a Yearly/Monthly-Billed Desktop Pool
- Unsubscribing from a Desktop Pool
- Users
- User Groups
- Policy Management
- OU Management
- User Login Records
-
Tenant Configuration
-
Basic Configuration
- Configuring an AD Domain
- Configuring AD Domain Certificate Authentication
- Changing the Domain Administrator Password
- Modifying Domain Configurations
- Changing the Internet Access Mode
- Changing the Service Subnet
- Changing the Internet Access Port
- Canceling a Service
- Reactivating a Service
- Configuring Multi-Factor Authentication
- Configuring Whether to Block Notification Emails for Desktop Unsubscription or Deletion
- Multi-VPC Workspace
- Authentication Configuration
-
Basic Configuration
- Internet Access Management
- Scheduled Tasks
- Application Center
- Private Images
- Permission Management
- Data Backup and Restoration
- Common Function Configuration
- Subscribing to an Event
- Change History
-
User Guide(End Users)
- Getting to Know Workspace
- Introduction to Terminals
- Logging In to a Desktop Using an SC
- Logging In to a Desktop Using a TC
- Logging In to a Desktop Using a Mobile Terminal
- Desktop Assistant
- Changing the Login Password
- Forbidden Operations
- Configuring Dual-Screen Display
- Configuring Common Functions
- Change History
- Best Practices
-
FAQs
-
FAQs for Administrators
- What Are the Features and Advantages of Workspace?
- How Is Workspace Charged?
- How Do I Check My Quotas?
- How Do I Increase My Quotas?
- How Do I Add a Disk?
- How Do I Connect the Desktop to a Local Printer?
- How Do I Connect the Desktop to a Network Printer?
- How Do I Do If the Desktop Fails to Connect to the AD?
- Can I Change the User Authentication Mode of the Desktop?
- How do I Enable LDAPS on the AD Server?
- How do I Export the Root Certificate of an LDAPS-enabled AD server?
- What If I Fail to Purchase a Desktop?
- How Do I Do If the Functions of Purchasing a Desktop, Creating a User, Creating a Policy, and Enabling the Internet are Unavailable?
- Can I Use Private Images to Purchase Desktops?
- How Many Private Images Can Be Created on Workspace at Most?
- What Are the Network Requirements for Logging In to Desktops?
- How Do I Do If My Desktop Cannot Access the Internet?
- How Do I Configure Workspace to Access the Internet?
- How Do I Configure Workspace to Access the Enterprise Intranet?
- How Do I Enable the Internet on Other Cloud Service Pages?
- How Do I Copy Files Between a Desktop and a Local Storage Device?
- What If I Lost the Administrator Password?
- How Does an Administrator Unlock an End User Account?
- How Do I Do If an End User Fails to Log In to a Desktop?
- How Do I Back Up and Restore a Desktop?
- How Do I Do If a Message Is Displayed Indicating Duplicate Policy Names During Policy Import?
- How Do I Do If a User Cannot Be Bound to a Client Using the Dynamic Verification Code of the Previously Bound MFA Device?
- How Do I Do If the Message "Insufficient permissions for the IAM account. Security Administrator permissions required." Is Displayed When I Enable an Agency?
- How Do I Do If a User Does Not Receive an Email for Creating a Desktop or Assigning a User?
- How Do I Add Resources to or Remove Resources from an Enterprise Project After Purchasing Workspace?
- Why Can't I Start a Pay-per-Use Cloud Desktop?
-
FAQs for End Users
-
Desktop Usage Issues
- How Do I Do If the Desktop Freezes?
- How Do I Do If the Disk Space Is Insufficient?
- How Do I Enter the CLI Mode?
- How Do I Do If My Desktop Cannot Connect to the Internet?
- Do Cloud Desktops Support Personalized Settings?
- How Do I Take a Screenshot?
- How Do I Do If the Printer Cannot Be Used?
- What If I Can't Use Network Printers on Workspace?
- How Do I Download the Software?
- How Do I Do If Data Disks of a Windows Desktop Cannot Be Found After Recomposing the System Disk?
- What Do I Do If I Cannot Copy Files Between a Desktop and a Local Storage Device?
- How Do I Do If the Desktop Screen Cannot Be Adapted?
- How Do I Do If I Cannot Receive an Email for Creating a Desktop or Assigning a User?
- How Do I Manually Configure Time Synchronization on a Windows Desktop?
- Do Not Disable the Following Ports on Desktops and Access Network
-
Login Issues
- How Do I Do If I Forget the Password?
- What If the Account Is Locked?
- What Devices Can Be Used to Log In to a Desktop?
- What If I Fail to Log in to a Desktop?
- How Do I Do If I Cannot Pass Multi-Factor Authentication?
- How Do I Do If the System Displays a Message Indicating that the Login Fails Due to Policy Restrictions?
-
OS Issues
- Can I Update the Desktop OS?
- What OSs Can Run on Workspace?
- Which Software Cannot Be Uninstalled?
- Which Files Cannot Be Deleted?
- Which Software Cannot Be Upgraded?
- Which Ports Cannot Be Deleted?
- Which Commands Cannot Be Executed?
- How Do I Query the System Information?
- Is There Any Help Document for OSs?
-
Desktop Usage Issues
- Change History
-
FAQs for Administrators
-
User Guide (Application Streaming)
- Overview
-
Administrator Operation Guide
- Operation Procedure
- Logging In to the Workspace Application Streaming Console
- Enabling the Service
- Creating a User
- Applications and Images
- Server Groups
- Application Groups
- User Management
- Policy Groups
- Monitoring Analysis
- OU Management
- Application Internet Access Management
- Upgrading Protocol Components
- Scheduled Tasks
- Storage
- Tenant Configuration
- Private Images
- Configuring Personalized Data
- Subscribing to an Event
- Permissions Management
- Configuring Common Functions
-
FAQs
- What Is the Relationship Between Workspace Application Streaming and Workspace?
- What Types of Applications Can Be Published?
- What Can I Do If an Application Fails to Be Published?
- How Do I Deploy a Windows AD Server?
- How Do I Deploy an RD Licensing Server?
- How Do I Configure RDS Licensing and Security Policies?
- How Do I Create a User OU on the AD Server?
- How Do I Create a User Group on the AD Server?
- How Do I Create a User on the AD Server?
- How Do I Configure Network Connection Between Workspace Application Streaming and the Windows AD?
- How Do I Log in to an APS?
- How Do I Purchase the NAT and EIP Services to Enable Cloud Applications to Be Accessed Through the Internet?
- How Do I Check My Quotas?
- How Do I Increase My Quotas?
- How Do I Do If the Application Operation Page Has Black Borders and Cannot Be Moved?
- How Do I Do If an End User Fails to Log In to a Cloud Application?
- How Do I Reset a User Password?
- How Do I Do If I Fail to Add a Computer Back to the Domain?
- How Do I Add an ECS to the Domain of an APS?
- How Do I Use the GPO Group Policy to Make a Domain User Become a Local Administrator of a PC?
- How Do I Install Sandbox Software?
- How Do I Do If There Is No Sound or the Screen Is Frozen While There Is Sound When Using Google Chrome or Bilibili Player for Video Playback?
- How Do I Do If the Window Cannot Be Dragged When the Sandbox Application Is Started?
- RD License Server Fails to Be Added to the AD domain
- Error Code 6030/6047 Reported When Accessing a Shared Desktop Application
- File Resources on the APS Cannot Be Automatically Refreshed During Workspace Application Streaming Operations
- How Do I Update or Add an Application?
- How Do I Authorize an IAM User to Use Workspace Application Streaming?
- How Do I Calculate the Number of Concurrent Sessions of a Cloud Application?
- What If I Can't Open a Cloud Application?
-
Terminal User Operation Guide
- Process
- Using an Application on a Soft Client
- Using an Application on a Thin Client
-
FAQs
- How Do I Do If the Cloud Application Cannot Be Used?
- How Do I Do If I Cannot View Cloud Applications on Desktops?
- How Do I Do If I Forget the Password?
- How Do I Do If the Account is Locked?
- How Do I Do If I Fail to Log In to the Client?
- How Do I Enable a Local Storage Device to Copy Files to an APS?
- How Do I Recover Important Files and Documents from the Sandbox to the Local Computer?
- How Do I Delete a Sandbox?
- How Do I Remove the Yellow Border of an Application After the Sandbox Application Is Started?
- Change History
On this page
Show all
Entrustment Description
Updated on 2023-12-04 GMT+08:00
Workspace works closely with multiple cloud service resources, such as computing, network, and images. When you create a scheduled task for recomposing a system disk or create a desktop pool, Workspace automatically requests permissions to access the cloud services in the region. Specifically:
- ECS permissions
When you create a desktop, an ECS is created accordingly. Therefore, the permission to access ECS is required.
- IMS permissions
Workspace supports image creation. Therefore, the permission to access IMS is required.
- Administrator permissions for related cloud services
Workspace supports scheduled disk recomposing and auto scaling. Therefore, the tenant administrator permissions are required.
- VPC service permissions
Workspace allows created networks to run on VPCs. Therefore, the permission to access the VPC service is required.
- OBS permissions
Workspace supports scale-out and storage addition. Therefore, the permissions to access EVS disks, SFS, and OBS are required.
After the permission granting is approved, an agency named workspace_admin_trust will be created on IAM. To ensure normal service usage, do not delete or modify the workspace_admin_trust agency when performing scheduled tasks or using the desktop pool.
- workspace_admin_trust agency description
The workspace_admin_trust agency has the permissions as Tenant Administrator. Tenant Administrator has the permissions on all cloud services except IAM and can call the cloud services on which Workspace depends. The delegation takes effect only in the current region.
To use Workspace in multiple regions, you need to request cloud resource permissions in each region. To view the delegation records of each region, go to the IAM console, choose Agencies, and click workspace_admin_trust.
NOTE:
Workspace may malfunction if the Tenant Administrator role is not assigned. Therefore, do not delete or modify the workspace_admin_trust agency when using Workspace.
The workspace_admin_trust agency may need to be delegated again in the following scenarios:- The permissions required by Workspace may change with the version. For example, if a new component requires new permissions, Workspace will update the expected permission list. In this case, you need to delegate the workspace_admin_trust agency again.
- If you manually change the permissions of the workspace_admin_trust agency, and the new permissions of this agency are different from those expected by Workspace, a message is displayed asking you to grant the permissions. If you grant the new permissions, the previous permissions may become invalid.
Parent topic: Permission Management
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
