Cloud Services that Support Resource-Level Authorization Using IAM
If you want to grant an IAM user permissions for specific resources, create a custom policy that contains permissions for the resources, and attach the policy to the user. The user then only has the permissions for the specified resources. For example, to grant an IAM user permissions for buckets whose names start with TestBucket, create a custom policy, specify the resource path as OBS:*:*:bucket:TestBucket*, and attach the policy to the user.
The following table lists the cloud services that support resource-level authorization and the supported resource types.
|
Service |
Resource Type |
Resource Name |
|---|---|---|
|
Elastic Cloud Server (ECS) |
instance |
ECS |
|
Elastic Volume Service (EVS) |
volume |
EVS disk |
|
Object Storage Service (OBS) |
bucket |
Bucket |
|
object |
Object |
|
|
Software Repository for Container (SWR) |
chart |
Chart |
|
repository |
Repository |
|
|
instance |
Instance |
|
|
Data Lake Insight (DLI) |
queue |
DLI queue |
|
database |
DLI database |
|
|
table |
DLI table |
|
|
column |
DLI column |
|
|
datasourceauth |
DLI security authentication information |
|
|
jobs |
DLI job |
|
|
Graph Engine Service (GES) |
graphName |
GES graph name |
|
backupName |
GES backup name |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
