Introduction
This section describes fine-grained permissions management for ModelArts. If your Huawei Cloud account does not require individual IAM users, skip this section.
New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and attach policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.
You can grant users permissions by using roles and policies. Roles are provided by IAM to define service-based permissions that match users' job responsibilities. Policies are more fine-grained, API-based permissions required to perform operations on specific cloud resources under certain conditions, meeting requirements for secure access control.
If you want to allow or deny the access to an API, use fine-grained policies.
An account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions. The required permissions are determined by the actions supported by the API. Only users with the policies allowing for those actions can call the API successfully. For example, if an IAM user wants to create notebook instances using an API, the user must have been granted permissions that allow the modelarts:notebook:create action.
Supported Actions
ModelArts provides system policies that can be directly used in IAM. You can also create custom policies and use them to supplement system policies, implementing more refined access control. The following are related concepts:
- Permission: A statement in a policy that allows or denies certain operations.
- APIs: REST APIs that can be called in a custom policy.
- Actions: specific operations that are allowed or denied.
- Dependencies: actions which a specific action depends on. When allowing an action for a user, you also need to allow its dependent actions for that user.
- IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. For details about the differences between IAM and enterprise projects, see Differences Between IAM and Enterprise Management.
√: supported; x: not supported
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
