هذه الصفحة غير متوفرة حاليًا بلغتك المحلية. نحن نعمل جاهدين على إضافة المزيد من اللغات. شاكرين تفهمك ودعمك المستمر لنا.
- What's New
- Service Overview
- Getting Started
-
User Guide
- IAM Permissions Management
- Getting Started
- Managing DIS Streams
-
Using DIS
- Checking and Configuring DNS Information
- Uploading Data by Using Agent
- Using DIS Flume Plugin to Upload and Download Data
- Using a DIS Logstash Plugin to Upload and Download Data
- Using Kafka Adapter to Upload and Download Data
- Using SparkStreaming SDK to Download Data
- Using a DIS Flink Connector to Upload and Download Data
- Managing a Dump Task
- Managing Enterprise Projects
- Notifying Events
- Monitoring
- Best Practices
-
SDK Reference
- Overview
- Related Resources
- Enabling DIS
- Creating a DIS Stream
- Obtaining Authentication Information
-
Getting Started with SDK
-
Using the Java SDK
- Preparing the Environment
- Configuring a Sample Project
- Initializing a DIS SDK Client Instance
- Creating a Stream
- Creating a Dump Task
- Updating a Dump Task
- Deleting a Dump Task
- Querying a Dump Task List
- Querying Dump Details
- Deleting a Stream
- Querying a Stream List
- Querying Stream Details
- Downloading Streaming Data
- Uploading Streaming Data
- Obtaining the Data Cursor
- Creating an Application
- Deleting an Application
- Adding a Checkpoint
- Querying a Checkpoint
- Changing Partition Quantity
- Using Kafka Adapter to Upload and Download Data
-
Using the Python SDK
- Preparing the Installation Environment
- Configuring a Sample Project
- Initializing a DIS SDK Client Instance
- Creating a Stream
- Creating a Dump Task
- Deleting a Stream
- Deleting a Dump Task
- Querying a Stream List
- Querying a Dump Task List
- Querying Stream Details
- Querying Dump Details
- Uploading Streaming Data in JSON Format
- Uploading Streaming Data in Protobuf Format
- Downloading Streaming Data
- Creating an Application
- Deleting an Application
- Viewing Application Details
- Querying an Application List
- Adding a Checkpoint
- Querying a Checkpoint
- Changing Partition Quantity
- Obtaining a Data Cursor
-
Using the Java SDK
- Error Codes
- Change History
- API Reference
-
FAQs
-
General Questions
- What Is DIS?
- What Is a Partition?
- What Can I Do with DIS?
- What Advantages Does DIS Have?
- Which Modules Do DIS Have?
- How Do I Create a DIS Stream?
- What Is the Difference Between Storing Data into DIS and Dumping Data Elsewhere?
- How Do I Check Software Package Integrity?
- How Do I Send and Retrieve Data Using DIS?
- What Is Data Control?
- Dump Questions
- DIS Agent Questions
-
General Questions
- General Reference
Show all
Copied.
Permissions Management
By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies or roles to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the users can perform specified operations on GES based on the permissions.
With IAM, you can use your cloud account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types. For example, some software developers in your enterprise need to use DIS resources but must not delete them or perform any high-risk operations. To achieve this result, you can create IAM users for the software developers and grant them only the permissions required for using DIS resources.
If your cloud account does not need individual IAM users for permissions management, you may skip over this chapter.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see the IAM Service Overview.
DIS Permissions
By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies or roles to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the users can perform specified operations on GES based on the permissions.
DIS is a project-level service deployed in specific physical regions. Therefore, DIS permissions are assigned to users in specific regions (such as CN-Hong Kong) and only take effect for these regions. If you want the permissions to take effect for all regions, you need to assign the permissions to users in each region. When accessing DIS, the users need to switch to a region where they have been authorized to use cloud services.
You can grant users permissions by using roles and policies.
Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to grant permissions, you need to also assign other roles on which the permissions depend to take effect. However, roles are not an ideal choice for fine-grained authorization and secure access control.
Table 1 lists all the system permissions supported by DIS. Dependencies are permissions on which a system permission depends to take effect. For example, some DIS permissions are dependent on the permissions of other services. When assigning DIS permissions to users, you need to also assign dependent policies for the DIS permissions to take effect.
|
System-Defined Role |
Description |
Dependencies |
|---|---|---|
|
DIS Administrator |
Administrator permissions for DIS. Users granted these permissions can operate and use all DIS resources. |
N/A |
|
DIS Operator |
Stream management permissions for DIS. Users granted these permissions can manage streams, such as creating or deleting streams, but cannot upload or download data. |
N/A |
|
DIS User |
Stream use permissions for DIS. Users granted these permissions can upload and download data but cannot manage streams. |
N/A |
Table 2 lists the common operations supported by each system permission of DIS. Choose proper system permissions according to this table.
|
Operation |
DIS Administrator |
DIS Operator |
DIS User |
|---|---|---|---|
|
Creating streams |
√ |
√ |
x |
|
Deleting streams |
√ |
√ |
x |
|
Querying the stream list |
√ |
√ |
√ |
|
Querying stream details |
√ |
√ |
√ |
|
Viewing stream monitoring information |
√ |
√ |
√ |
|
Querying partition monitoring information |
√ |
√ |
√ |
|
Obtaining stream consumption information |
√ |
√ |
√ |
|
Changing partition quantity |
√ |
√ |
x |
|
Uploading data |
√ |
x |
√ |
|
Obtaining data cursors |
√ |
x |
√ |
|
Downloading data |
√ |
x |
√ |
|
Creating applications |
√ |
√ |
√ |
|
Querying application details |
√ |
√ |
√ |
|
Querying the application list |
√ |
√ |
√ |
|
Deleting applications |
√ |
√ |
√ |
|
Adding checkpoints |
√ |
x |
√ |
|
Querying checkpoints |
√ |
√ |
√ |
|
Deleting checkpoints |
√ |
x |
√ |
|
Creating dump tasks |
√ |
√ |
√ |
|
Querying dump task details |
√ |
√ |
√ |
|
Querying the dump task list |
√ |
√ |
√ |
|
Deleting dump tasks |
√ |
√ |
√ |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
