CodeArts Console Permission Description
If you need to assign different permissions to employees in your enterprise to access your purchased CodeArts resources, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your resources.
With IAM, you can use your account to create IAM users, and assign permissions to the users to control their access to specific resources. For example, some software developers in your enterprise need to use CodeArts resources but should not be allowed to perform any other high-risk operations, such as buying CodeArts resources. In this scenario, you can create IAM users for the software developers and grant them only the permissions required for viewing CodeArts resources.
If you do not require individual IAM users, skip this chapter.
CodeArts Console Permissions
By default, new IAM users do not have any permissions. You need to add them to one or more groups, and then add permissions policies or roles to these groups. The users inherit permissions from their groups and can then perform specified operations on cloud services.
CodeArts is a project-level service deployed and accessed in specific physical regions. To assign permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing CodeArts, the users need to switch to a region where they have been authorized.
CodeArts uses policies for fine-grained authorization.
- Policies: a type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible authorization. Policies allow you to meet requirements for more secure access control. For example, you can grant CodeArts users only the permissions for performing specific operations on the CodeArts console.
Table 1 lists all system permissions of CodeArts.
|
Policy |
Description |
Type |
|---|---|---|
|
DevCloud Console FullAccess |
Full permissions for the CodeArts console. Users with these permissions can buy CodeArts resources. |
System-defined policy |
|
DevCloud Console ReadOnlyAccess |
Full permissions for the CodeArts console. Users with these permissions can only view the usage of CodeArts resources. |
System-defined policy |
Table 2 lists the common operations supported by each system-defined policy of CodeArts. Select a proper policy as required.
|
Console Operation |
DevCloud Console FullAccess |
DevCloud Console ReadOnlyAccess |
|---|---|---|
|
Check CodeArts Req resource usage |
√ |
√ |
|
View CodeArts Req subscription records |
√ |
√ |
|
View CodeArts Req resources |
√ |
√ |
|
Check CodeArts Repo resource usage |
√ |
√ |
|
View CodeArts Repo subscription records |
√ |
√ |
|
View CodeArts Repo resources |
√ |
√ |
|
Check CodeArts Check resource usage |
√ |
√ |
|
View CodeArts Check subscription records |
√ |
√ |
|
View CodeArts Check resources |
√ |
√ |
|
Check CodeArts Build resource usage |
√ |
√ |
|
View CodeArts Build subscription records |
√ |
√ |
|
View CodeArts Build resources |
√ |
√ |
|
Check CodeArts TestPlan – Test Management resource usage |
√ |
√ |
|
View CodeArts TestPlan – Test Management subscription records |
√ |
√ |
|
View CodeArts TestPlan – Test Management resources |
√ |
√ |
|
Subscribe to CodeArts TestPlan – APITest with pay-per-use billing |
√ |
× |
|
Unsubscribe from CodeArts TestPlan – APITest with pay-per-use billing |
√ |
× |
|
View CodeArts TestPlan – APITest subscription records |
√ |
√ |
|
View CodeArts TestPlan – APITest resources |
√ |
√ |
|
Check CodeArts TestPlan – APITest resource usage |
√ |
√ |
|
Check CodeArts Artifact resource usage |
√ |
√ |
|
View CodeArts Artifact subscription records |
√ |
√ |
|
View CodeArts Artifact resources |
√ |
√ |
|
Authorize an enterprise account |
√ |
× |
|
Cancel the authorization granted to an enterprise account |
√ |
× |
|
Accept or reject authorization to an enterprise account |
√ |
× |
|
View the authorization list |
√ |
√ |
|
Subscribe to a pay-per-use package |
√ |
× |
|
Unsubscribe from a pay-per-use package |
√ |
× |
|
View pay-per-use package subscription records |
√ |
√ |
The service names in permission policies may differ from those on the console. The mapping relationship between these names is shown in Table 3.
|
Service Name in Permission Policies |
Service Name on the Console |
|---|---|
|
DevCloud |
CodeArts |
|
ProjectMan |
CodeArts Req |
|
CodeHub |
CodeArts Repo |
|
CodeCheck |
CodeArts Check |
|
CloudBuild |
CodeArts Build |
|
CloudDeploy |
CodeArts Deploy |
|
CloudArtifact |
CodeArts Artifact |
|
CloudTest |
CodeArts TestPlan |
|
CloudPipeline |
CodeArts Pipeline |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
