- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
-
User Guide
- Before You Start
- Creating a User and Granting CSE Permissions
-
ServiceComb Engines
- ServiceComb Engine Overview
- Creating a ServiceComb Engine
-
Managing ServiceComb Engines
- Viewing ServiceComb Engine Information
- Managing ServiceComb Engine Tags
- Managing Public Network Access for a ServiceComb Engine
- Managing Security Authentication for a ServiceComb Engine
- Configuring Backup and Restoration of a ServiceComb Engine
- Upgrading a ServiceComb Engine
- Changing ServiceComb Engine Specifications
- Viewing ServiceComb Engine Operation Logs
- Deleting a ServiceComb Engine
- Viewing Microservice Running Metrics Through the Microservice Dashboard
- Managing Microservices
- Service Scenario Governance (Applicable to ServiceComb Engine 2.x)
-
Microservice Governance (Applicable to ServiceComb Engine 1.x and 2.4.0+)
- Microservice Governance Overview
- Configuring a Load Balancing Policy
- Configuring a Rate Limiting Policy
- Configuring a Service Degradation Policy
- Configuring a Fault Tolerance Policy
- Configuring a Circuit Breaker Policy
- Configuring a Fault Injection Policy
- Configuring Blacklist and Whitelist
- Configuring Public Key Authentication
- Configuration Management (Applicable to ServiceComb Engine 2.x)
- Configuration Management (Applicable to ServiceComb Engine 1.x)
- System Management
- Nacos Engines
- Key Operations Recorded by CTS
-
Best Practices
- CSE Best Practices
-
ServiceComb Engines
-
ServiceComb Engine Application Hosting
- Hosting Spring Cloud Applications Using Spring Cloud Huawei SDK
- Hosting a Java Chassis Application
-
ServiceComb Engine Application Hosting
- Registry/Configuration Centers
-
Developer Guide
- Overview
- Developing Microservice Applications
- Preparing the Environment
- Connecting Microservice Applications
- Deploying Microservice Applications
- Using ServiceComb Engine Functions
- Appendix
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Examples
-
CSE API
- API Calling
- Dynamic Configuration
-
Engine Management
- Querying the Flavor List of a Microservice Engine
- Querying the Microservice Engine List
- Creating a Microservice Engine
- Querying Microservice Engine Details
- Querying Details About a Microservice Engine Job
- Querying Details About the Microservice Engine Quota
- Deleting a Microservice Engine
- Upgrading a Microservice Engine
- Updating Microservice Engine Configurations
- Changing Microservice Engine Specifications
- Retrying an Exclusive ServiceComb Engine Job
- Updating Microservice Engine Details
- Querying the Engine Job List
- Querying an RBAC Token
-
Microservice Governance
- Querying the Governance Policy List
- Creating a Dark Launch Policy
- Querying a Dark Launch Policy
- Deleting a Dark Launch Policy
- Changing a Governance Policy
- Deleting a Governance Policy
- Querying Governance Policy Details
- Creating a Governance Policy
- Querying the Governance Policy List of a Specified Kind
- Querying Microservice Thresholds in Batches
- Querying Microservice Reporting Information
- Querying the Reported Information List
- Nacos API
-
ServiceComb API
- API Calling
- Authentication
-
Microservice
- Querying Information About a Microservice
- Deleting Definition Information About a Microservice
- Querying Information About All Microservices
- Creating Static Information for a Microservice
- Deleting Static Information About Microservices in Batches
- Modifying Extended Attributes of a Microservice
- Querying the Unique Service or Schema ID of a Microservice
- Schema
-
Microservice Instance
- Registering a Microservice Instance
- Querying a Microservice Instance Based on service_id
- Deregistering a Microservice Instance
- Querying Details About a Microservice Instance
- Modifying the Extended Information About a Microservice Instance
- Modifying Status of a Microservice Instance
- Sending Heartbeat Information
- Querying a Microservice Instance by Filter Criteria
- Querying Microservice Instances in Batches
- Dependency
- Configuration Management
- Appendixes
- Change History
- SDK Reference
-
FAQs
- Precautions When Using Huawei Cloud CSE
- Nacos Engines
-
ServiceComb Engines
- How Do I Perform Local Development and Testing?
- How Can I Handle a Certificate Loading Error?
- What If the Header Name Is Invalid?
- What Is the Performance Loss of Mesher?
- Why Is "Version validate failed" Displayed When I Attempt to Connect to the Service Center?
- Why Is "Not enough quota" Displayed When I Attempt to Connect to the Service Center?
- What Should I Do If the Service Registration Fails After IPv6 Is Enabled for the Exclusive ServiceComb Engine with Security Authentication Enabled?
- What Is Service Name Duplication Check?
- Why Do I Have to Define Service Contracts?
- Why Are Microservice Development Framework and Netty Versions Unmatched?
- What Do I Need to Know Before Upgrading an Exclusive ServiceComb Engine?
- What Must I Check Before Migrating Services from the Professional to the Exclusive Microservice Engine?
- Why Is "Duplicate cluster name" Displayed?
- Error Message "the subnet could not be found" Is Displayed When the Access Address Fails to Be Processed During Engine Creation
- Why Is Error "does not match rule: {Max: 100, Regexp: ^[a-zA-Z0-9]{1,160}$|^[a-zA-Z0-9][a-zA-Z0-9_\-.]{0,158}[a-zA-Z0-9]$}"}" Reported?
- What Should I Do If SpringCloud Applications Fail to Connect to the Configuration Center of ServiceComb Engine 2.x?
- Why Could My the Global Configuration Not Be Modified?
- Obtain Configurations Failed
- Videos
- General Reference
Copied.
Creating a User and Granting CSE Permissions
This section describes how to use IAM to implement fine-grained permissions control for your CSE resources. With IAM, you can:
- Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials for access to CSE resources.
- Grant only the permissions required for users to perform a task.
- Entrust a Huawei Cloud account or cloud service to perform professional and efficient O&M on your CSE resources.
If your Huawei Cloud account does not require individual IAM users, skip this section.
This section describes the procedure for granting permissions (see Figure 1).
Prerequisites
Before assigning permissions to user groups, you should learn about CSE policies and select the policies based on service requirements.
- For details about system permissions supported by CSE, see Permissions.
- To grant permissions for other services, learn about all permissions supported by IAM by referring to System-defined Permissions.
Process Flow
- Create a user group and grant permissions to it.
Create a user group on the IAM console, and grant the CSE ReadOnlyAccess policy to the group.
- Create a user and add it to the user group.
Create a user on the IAM console and add the user to the group created in 1.
- Log in to CSE and verify permissions.
Log in to the CSE console as the created user, and verify that it has the read-only permission for CSE.
- In Service List, choose Cloud Service Engine. On the console, choose ServiceComb > Buy Exclusive Microservice Engine. If a message is displayed indicating insufficient permissions, the ReadOnlyAccess policy has taken effect.
- Choose any other service in Service List. If a message is displayed indicating insufficient permissions to access the service, the ReadOnlyAccess policy has taken effect.
CSE Custom Policies
Custom policies can be created as a supplement to the system-defined policies of CSE.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Create a JSON policy or edit an existing one.
For details, see Creating a Custom Policy. The following section contains examples of common CSE custom policies.
Example Custom Policies
{
"Version": "1.1",
"Statement": [
{
"Action": [
"cse:*:*"
],
"Effect": "Allow"
},
{
"Action": [
"cse:engine:create",
"cse:engine:delete"
],
"Effect": "Deny"
}
]
}
A policy with only "Deny" permissions must be used together with other policies. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
You can verify your granted permissions using the console or REST APIs.
The following uses the custom policy as an example to describe how to verify that a user is not allowed to create microservice engines on the console.
- Log in to Huawei Cloud as an IAM user.
- Tenant name: Name of the account used to create the IAM user
- IAM username and IAM user password: Username and password specified during IAM user creation using the Tenant name
- Create a microservice engine on the CSE console. If error 403 is returned, the permissions are correct and are in effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot