Updated on 2024-01-22 GMT+08:00

Overview

A microservice engine may be used by multiple users. Different users must have different microservice engine access and operation permissions based on their responsibilities and permissions.

The exclusive microservice engine with security authentication enabled provides the system management function using the role-based access control (RBAC) through the microservice console.

The exclusive microservice engine with security authentication enabled supports the access of Spring Cloud and Java chassis microservice frameworks.

  • The RBAC-based system management function is irrelevant to IAM permission management. It is only an internal permission management mechanism of CSE.
  • To operate a microservice engine on CSE, you must have both the IAM and RBAC permissions, and the IAM permission takes precedence over the RBAC permission.
  • If you perform operations on a microservice engine through APIs or the microservice framework, you only need to have the RBAC permissions.
  1. You can use an account associated with the admin role to create an account and associate a proper role with the account based on service requirements. The user who uses this account has the access and operation permissions on the microservice engine.
    • When you create an exclusive microservice engine with security authentication enabled, the system automatically creates the root account associated with the admin role. The root account cannot be edited or deleted.
    • You can create an account using the root account of the microservice engine or an account associated with the admin role of the microservice engine. For details about how to create and manage an account, see Accounts.
  1. You can create a custom role using an account associated with the admin role and grant proper microservice engine access and operation permissions to the role based on service requirements.
    • The system provides two default roles: administrator (admin) and developer (developer). Default roles cannot be edited or deleted.
    • You can create a custom role using the root account of the microservice engine or an account associated with the admin role of the microservice engine. For details about how to create and manage a role, see Roles.
    • For details about role permissions, see Table 1.
    Table 1 Role permissions

    Role

    Permission Description

    Admin

    Full permissions for all microservices, accounts, and roles of the microservice engine.

    Developer

    Full permissions for all microservices of the microservice engine.

    Custom role

    You can create roles based on service requirements and grant microservice operation permissions to the roles.