Help Center> ModelArts> API Reference> Use Cases> Managing ModelArts Authorization

Updated on 2023-12-14 GMT+08:00

View PDF

Managing ModelArts Authorization

This section describes how to manage agency authorization by calling ModelArts APIs.

Overview

The process of managing ModelArts authorization is as follows:

Call the API for authentication to obtain a user token, which will be added in a request header for authentication.
Call the API for creating a ModelArts agency to create an agency for ModelArts-dependent services, such as OBS and SWR.
Call the API for configuring authorization to configure ModelArts authorization. The administrator can use this API to set an agency for IAM users and set the access key of the current user.

ModelArts functions, such as data management, training management, development environment, and real-time services, can be used only after being authorized.
Call the API for obtaining the authorization list to view the authorization.
Call the API for deleting authorization to delete the authorization of a specified user or all users.

Prerequisites

You have obtained the IAM endpoint and ModelArts endpoint.
The following information is available: region where ModelArts is deployed, project name and ID, account name and ID, and username and ID.

Procedure

Call the API for authentication to obtain a user token.
1. Request body:
  URI: POST https://{iam_endpoint}/v3/auth/tokens
  
  Request header: Content-Type →application/json
  Request body:
```
{
  "auth": {
    "identity": {
      "methods": ["password"],
      "password": {
        "user": {
          "name": "user_name", 
          "password": "user_password",
          "domain": {
            "name": "domain_name"  
          }
        }
      }
    },
    "scope": {
      "project": {
        "name": "ap-southeast-1"  
      }
    }
  }
}
```
  Set the italic parameters based on site requirements.
  - iam_endpoint: IAM endpoint
  - user_name: IAM username
  - user_password: Login password of the user
  - domain_name: Account to which the user belongs
  - ap-southeast-1: Project name, which is the region where ModelArts is deployed
2. Status code 201 Created is returned. The X-Subject-Token value in the response header is the token.
```
x-subject-token → MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...
```
Call the API for creating a ModelArts agency to create an agency for ModelArts-dependent services, such as OBS, SWR, and IEF.
1. Request body:
  URI: POST https://{endpoint}/v2/{project_id}/agency
  Request header:
  - X-auth-Token →MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...
  - Content-Type →application/json
  Request body:
```
{
  "agency_name_suffix" : "iam-user01"
}
```
  Set the italic parameters based on site requirements.
  - endpoint: ModelArts endpoint
  - project_id: Your project ID
  - X-auth-Token: Token obtained in the previous step
  - agency_name_suffix: Customized suffix of the agency name
2. Response body with status code 200 OK returned (indicating that ma_agency_iam-user01 has been created):
```
{
    "agency_name": "ma_agency_iam-user01"
}
```
Call the API for configuring authorization to configure ModelArts authorization. The administrator can use this API to set an agency for IAM users and set the access key of the current user.
1. Request body:
  URI: POST https://{endpoint}/v2/{project_id}/authorizations
  Request header:
  - X-auth-Token →MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...
  - Content-Type →application/json
  Request body:
```
{
  "user_id": "****af917080f5d21f55c018ba19****",
  "type": "agency",
  "content": "ma_agency_iam-user01"
}
```
  Set the italic parameters based on site requirements. Set user_id to the IAM user ID and content to the ModelArts agency created in the previous step.
2. Response body with status code 200 OK returned (indicating that the authorization configuration is complete):
```
{
    "result": true
}
```

Call the API for obtaining the authorization list to view the authorization.

Request body:
URI: GET https://{endpoint}/v2/{project_id}/authorizations

Request header: X-auth-Token →MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...

Set the italic parameters based on site requirements.

Response body with status code 200 OK returned:

{
  "auth": [
    {
      "create_time": 1622804433221,
      "user_id": "all-users",
      "user_name": "all-users",
      "type": "agency",
      "content": "modelarts_agency"
    },
    {
      "create_time": 1625457065365,
      "user_id": "****af917080f5d21f55c018ba19****",
      "user_name": null,
      "type": "agency",
      "content": "ma_agency_iam-user01"
    }
  ],
  "total_count": 2
}

Obtain the authorization information based on the response.

Call the API for deleting authorization to delete the authorization of a specified user or all users.
1. Request body:
  URI: DELETE https://{endpoint}/v2/{project_id}/authorizations?user_id=****d80fb058844ae8b82aa66d9fe****
  
  Request header: X-auth-Token →MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...
  
  Set the italic parameters based on site requirements. Set ****d80fb058844ae8b82aa66d9fe**** to the IAM user ID of the specified user.
2. Response body with status code 200 OK returned (indicating that the authorization has been deleted):
```
{
    "result": true
}
```
3. If **user_id** is set to **all-users**, the authorization of all IAM users will be deleted. Response body with status code 200 OK returned (indicating that the authorization has been deleted):
```
{
    "result": true,
    "success_message": "Delete all-users auth info successfully!"
}
```