Permissions Management
If you need to assign different permissions to employees in your enterprise to access your DBSS resources, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your cloud resources.
With IAM, you can use your account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types. For example, some software developers in your enterprise need to use DBSS but must not delete DBSS resources or perform any high-risk operations. To achieve this result, you can create IAM users for the software developers and grant them only the permissions required for using DBSS resources.
If your account does not need individual IAM users for permissions management, then you may skip over this chapter.
DBSS Permissions
By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. After authorization, the user can perform specified operations on BMS based on the permissions.
DBSS is a project-level service deployed and accessed in specific physical regions. To assign DBSS permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing DBSS, the users need to switch to a region where they have been authorized to use cloud services.
DBSS roles are dependent on the roles of other services. When assigning DBSS permissions to users, you need to also assign dependent roles for the DBSS permissions to take effect.
|
Role Name |
Description |
Dependency |
|---|---|---|
|
DBSS System Administrator (DBSS system administrator, who has the permissions to perform operations on DBSS system resources) |
|
To perform payment operations (for example, purchasing or renewing a DBSS instance), you must have the BSS Administrator, VPC Administrator, and ECS Administrator roles.
|
|
DBSS Audit Administrator (DBSS audit administrator, who has the permissions to check DBSS security logs) |
|
None |
|
DBSS Security Administrator (DBSS security administrator, who has the permissions to set DBSS security policies) |
|
None |
Table 2 lists the common operations supported by each system-defined permission of DBSS. Select the permissions as needed.
|
Operation |
DBSS System Administrator |
DBSS Audit Administrator |
DBSS Security Administrator |
|---|---|---|---|
|
Purchasing an instance |
√ |
× |
× |
|
Starting, disabling, and restarting an instance |
√ |
× |
× |
|
Obtaining the instance list |
√ |
√ |
√ |
|
Obtaining the basic information of an instance |
√ |
√ |
√ |
|
Obtaining the audit statistics |
√ |
√ |
√ |
|
Obtaining the monitoring information |
√ |
√ |
√ |
|
Obtaining the operation logs |
√ |
√ |
√ |
|
Managing databases |
√ |
× |
× |
|
Managing agents |
√ |
× |
× |
|
Configuring email notifications |
√ |
× |
× |
|
Backup and restoration |
√ |
× |
× |
|
Obtaining the report results |
× |
√ |
√ |
|
Obtaining the rule information |
× |
√ |
√ |
|
Obtaining the statement information |
× |
√ |
√ |
|
Obtaining the session information |
× |
√ |
√ |
|
Obtaining the database list |
√ |
√ |
√ |
|
Managing reports |
× |
√ |
√ |
|
Configuring audit rules |
× |
× |
√ |
|
Configuring alarm notifications |
× |
× |
√ |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
