Role Permissions

Tenant Guest

Regular tenant users

• Permissions: querying GES resources
• Scope: project-level service

GES Administrator

GES administrator

• Permissions: performing any operations on GES resources
• Scope: project-level service
  NOTE:

  If you have the Tenant Guest, Server Administrator, and VPC Administrator permissions, you can perform any operations on GES resources. If you do not have the Tenant Guest or Server Administrator permission, you cannot use GES properly.

  • If you need to bind or unbind an EIP, you need the Security Administrator permissions to create agencies.
  • If GES needs to interact with OBS, for instance, when creating and importing data, OBS permissions are required. For details, see Common GES operations supported by each OBS policy. When granting OBS permissions, specify the permission scope as global service resources.

GES Manager

GES manager

• Permissions: performing any operations on GES resources other than creating, deleting, resizing, and expanding graphs
• Scope: project-level service
  NOTE:

  If you have both Tenant Guest and Server Administrator permissions, you can perform any operations on GES resources except for creating and deleting graphs. If you do not have the Tenant Guest permission, you cannot use GES properly.

  • If you need to bind or unbind an EIP, you need the Security Administrator and Server Administrator permissions.
  • If GES needs to interact with OBS, for instance, when importing data, OBS permissions are required. For details, see Common GES operations supported by each OBS policy. When granting OBS permissions, specify the permission scope as global service resources.

GES Operator

Regular GES users

• Permissions: viewing and accessing GES resources
• Scope: project-level service

Creating graphs

Yes

No

No

No

Deleting graphs

Yes

No

No

No

Querying graphs

Yes

Yes

Yes

Yes

Accessing graphs

Yes

Yes

Yes

No

Importing data

Yes

Yes

No

No

Creating metadata files

Yes

Yes

No

No

Checking metadata files

Yes

Yes

Yes

Yes

Copying metadata files

Yes

Yes

No

No

Editing metadata files

Yes

Yes

No

No

Deleting metadata files

Yes

Yes

No

No

Clearing data

Yes

Yes

No

No

Backing up graphs

Yes

Yes

No

No

Restoring graphs from backups

Yes

Yes

No

No

Deleting backups

Yes

Yes

No

No

Querying backups

Yes

Yes

Yes

Yes

Starting graphs

Yes

Yes

No

No

Stopping graphs

Yes

Yes

No

No

Upgrading graphs

Yes

Yes

No

No

Exporting graphs

Yes

Yes

No

No

Binding EIPs

Yes

Yes

No

No

Unbinding an EIP

Yes

Yes

No

No

Checking results in the task center

Yes

Yes

Yes

Yes

Resizing a graph

√

No

No

×

Expanding a graph

√

No

No

×

Restarting a graph

√

Yes

No

×

Configuring fine-grained permissions

√

Yes

No

×

Configuring user groups

√

Yes

No

×

Importing IAM users

√

Yes

No

×

Checking user details

√

Yes

Yes

√

Viewing metadata

OBS Viewer policy or OBS Buckets Viewer role

Creating, importing, copying, editing, and deleting metadata

OBS Operator policy or Tenant Administrator role

Creating, importing, and exporting graphs

OBS Operator policy or Tenant Administrator role

Importing IAM users

iam:users:listUsers (custom policy), IAM ReadOnlyAccess (system policy), or Server Administrator role

Creating or editing a user group

iam:users:listUsers (custom policy), IAM ReadOnlyAccess (system policy), or Server Administrator role