- What's New
- Function Overview
- Service Overview (2.0)
- Billing (2.0)
- Getting Started (2.0)
-
User Guide (2.0)
- Introduction
- Access Center
- Dashboard
- Alarm Management
- Metric Browsing
- Log Analysis (New)
- Log Analysis (Old)
- Application Insights (Retiring)
-
Prometheus Monitoring
- Prometheus Monitoring
- Creating Prometheus Instances
- Managing Prometheus Instances
- Configuring a Recording Rule
- Metric Management
- Dashboard Monitoring
- Data Multi-Write
-
Access Guide
- Connecting Node Exporter
- Connecting Self-Built Middleware in the CCE Container Scenario
-
Exporter Access in the VM Scenario
- Access Overview
- MySQL Component Access
- Redis Component Access
- Kafka Component Access
- Nginx Component Access
- MongoDB Component Access
- Consul Component Access
- HAProxy Component Access
- PostgreSQL Component Access
- Elasticsearch Component Access
- RabbitMQ Component Access
- Access of Other Components
- Custom Plug-in Access
- Other Operations
- Obtaining the Service Address of a Prometheus Instance
- Regions that Support Public Network Addresses for Remote Write
- Viewing Prometheus Instance Data Through Grafana
- Reading Prometheus Instance Data Through Remote Read
- Reporting Self-Built Prometheus Instance Data to AOM
- Resource Usage Statistics
- Business Monitoring (Beta)
- Infrastructure Monitoring
- O&M Management (Retiring)
- Settings
- Remarks
- Permissions Management
- Auditing
- Subscribing to AOM 2.0
- Upgrading to AOM 2.0
-
Best Practices (2.0)
- AOM Best Practices
- Building a Comprehensive Metric System
- Alarm Noise Reduction
- Unified Metric Monitoring
- Customizing OS Images to Automatically Connect UniAgent
- Connecting Self-Built Middleware in the CCE Container Scenario
- Interconnecting Third-Party/IDC/Huawei Cloud Cross-Region Self-Built Prometheus with AOM Prometheus Instances
-
FAQs (2.0)
- Dashboard
- Alarm Management
- Log Analysis
- Prometheus Monitoring
- Infrastructure Monitoring
- Application Monitoring
-
Collection Management
- Are ICAgent and UniAgent the Same?
- What Can I Do If an ICAgent Is Offline?
- Why Is an Installed ICAgent Displayed as "Abnormal" on the UniAgent Installation and Configuration Page?
- Why Can't I View the ICAgent Status After It Is Installed?
- Why Can't AOM Monitor CPU and Memory Usage After ICAgent Is Installed?
- How Do I Obtain an AK/SK?
- FAQs About UniAgent and ICAgent Installation
- How Do I Enable the Nginx stub_status Module?
- Why Does APM Metric Collection Fail?
- Why Cannot the Installation Script Be Downloaded When I Try to Install UniAgent on an ECS?
- CMDB (Unavailable Soon)
-
O&M Management (Unavailable Soon)
- How Can I Obtain the OBS Permission for Installing Packages?
- Why Can't Scheduled Tasks Be Triggered?
- Can I Specify Script Parameters and Hosts During Job Execution?
- Why Is a Parameter Error Displayed When I Create a Scheduled Task Using a Cron Expression?
- How Can I Set a Review for an Execution Plan?
- Why Is "delete success:{}" Displayed (Files Cannot Be Deleted) During Disk Clearance?
- What Can I Do If the Execution Plan Is Not Updated After I Modify the Job?
- What Can I Do If "agent not found" Is Displayed?
- Why Are the Hosts Listed in Execution Logs Inconsistent with Those I Configured for a Task?
- Why Did a Task Fail to Execute?
- Other FAQs
-
API Reference
- Before You Start
- API Overview
- Calling APIs
-
APIs
-
Alarm
- Querying the Event Alarm Rule List
- Adding an Event Alarm Rule
- Modifying an Event Alarm Rule
- Deleting an Event Alarm Rule
- Querying Events and Alarms
- Counting Events and Alarms
- Reporting Events and Alarms
- Obtaining the Alarm Sending Result
- Deleting a Silence Rule
- Adding a Silence Rule
- Modifying a Silence Rule
- Obtaining the Silence Rule List
- Querying an Alarm Action Rule Based on Rule Name
- Adding an Alarm Action Rule
- Deleting an Alarm Action Rule
- Modifying an Alarm Action Rule
- Querying the Alarm Action Rule List
- Querying Metric or Event Alarm Rules
- Adding or Modifying Metric or Event Alarm Rules
- Deleting Metric or Event Alarm Rules
-
Monitoring
- Querying Time Series Objects
- Querying Time Series Data
- Querying Metrics
- Querying Monitoring Data
- Adding Monitoring Data
- Adding or Modifying One or More Service Discovery Rules
- Deleting a Service Discovery Rule
- Querying Existing Service Discovery Rules
- Adding a Threshold Rule
- Querying the Threshold Rule List
- Modifying a Threshold Rule
- Deleting a Threshold Rule
- Querying a Threshold Rule
- Deleting Threshold Rules in Batches
-
Prometheus Monitoring
- Querying Expression Calculation Results in a Specified Period Using the GET Method
- (Recommended) Querying Expression Calculation Results in a Specified Period Using the POST Method
- Querying the Expression Calculation Result at a Specified Time Point Using the GET Method
- (Recommended) Querying Expression Calculation Results at a Specified Time Point Using the POST Method
- Querying Tag Values
- Obtaining the Tag Name List Using the GET Method
- (Recommended) Obtaining the Tag Name List Using the POST Method
- Querying Metadata
- Log
- Prometheus Instance
- Configuration Management
-
CMDB (AOM 2.0)
- Creating an Application
- Deleting an Application
- Querying the Details of an Application
- Modifying an Application
- Adding a Component
- Deleting a Component
- Querying the Details of a Component
- Modifying a Component
- Creating an Environment
- Deleting an Environment
- Querying the Details of an Environment
- Modifying an Environment
- Querying the Resource List of a Node
- Querying the Details of an Application Based on the Application Name
- Querying the Details of an Environment Based on the Environment Name
- Querying the Details of a Component Based on the Component Name
- Adding a Sub-application
- Deleting a Sub-application
- Modifying a Sub-application
-
Automation (AOM 2.0)
- Creating a Task
- Updating a Task
- Operating a Paused Task
- Obtaining the Execution Details of a Workflow
- Terminating a Task
- Querying a Script
- Querying the Script Version
- Performing Fuzzy Search on the Job Management Page
- Querying Execution Plans (Custom Templates) Based on Job ID
- Querying the Details of an Execution Plan
- Querying Tasks
- Querying the Execution History of a Task
- Executing a Workflow
-
Alarm
- Historical APIs
- Examples
- Permissions Policies and Supported Actions
- Appendix
- SDK Reference
-
Service Overview (1.0)
- What Is AOM?
- Product Architecture
- Functions
- Application Scenarios
- Edition Differences
-
Metric Overview
- Introduction
- Network Metrics and Dimensions
- Disk Metrics and Dimensions
- Disk Partition Metrics
- File System Metrics and Dimensions
- Host Metrics and Dimensions
- Cluster Metrics and Dimensions
- Container Metrics and Dimensions
- VM Metrics and Dimensions
- Instance Metrics and Dimensions
- Service Metrics and Dimensions
- Security
- Restrictions
- Privacy and Sensitive Information Protection Statement
- Relationships Between AOM and Other Services
- Basic Concepts
- Permissions
- Billing
- Change History
- Getting Started (1.0)
-
User Guide (1.0)
- Overview
- Subscribing to AOM
- Permissions Management
- Connecting Resources to AOM
- Monitoring Overview
- Alarm Management
- Resource Monitoring
- Log Management
- Configuration Management
- Resource Groups
- Auditing
- Upgrading to AOM 2.0
- Best Practices (1.0)
-
FAQs (1.0)
- User FAQs
-
Consultation FAQs
- What Is the Billing Policy of AOM?
- What Are the Usage Restrictions of AOM?
- What Are the Differences Between AOM and APM?
- How Do I Distinguish Alarms from Events?
- What Is the Relationship Between the Time Range and Statistical Cycle?
- Does AOM Display Logs in Real Time?
- Will Container Logs Be Deleted After They Are Dumped?
- How Can I Do If I Cannot Receive Any Email Notification After Configuring a Threshold Rule?
- Why Are Connection Channels Required?
-
Usage FAQs
- What Can I Do If I Do Not Have the Permission to Access SMN?
- What Can I Do If Resources Are Not Running Properly?
- How Do I Set the Full-Screen Online Duration?
- What Can I Do If the Log Usage Reaches 90% or Is Full?
- How Do I Obtain an AK/SK?
- How Can I Check Whether a Service Is Available?
- Why Is the Status of an Alarm Rule Displayed as "Insufficient"?
- Why the Status of a Workload that Runs Normally Is Displayed as "Abnormal" on the AOM Page?
- How Do I Create the apm_admin_trust Agency?
- How Do I Obtain the AK/SK by Creating an Agency?
- What Is the Billing Policy of Logs?
- Why Can't I See Any Logs on the Console?
- What Can I Do If an ICAgent Is Offline?
- Why Can't the Host Be Monitored After ICAgent Is Installed?
- Why Is "no crontab for root" Displayed During ICAgent Installation?
- Why Can't I Select an OBS Bucket When Configuring Log Dumping on AOM?
- Why Can't Grafana Display Content?
- Videos
-
More Documents
-
User Guide (1.0) (Kuala Lumpur Region)
-
Service Overview
- What Is AOM?
- Product Architecture
- Functions
- Application Scenarios
-
Metric Overview
- Introduction
- Network Metrics and Dimensions
- Disk Metrics and Dimensions
- Disk Partition Metrics
- File System Metrics and Dimensions
- Host Metrics and Dimensions
- Cluster Metrics and Dimensions
- Container Metrics and Dimensions
- VM Metrics and Dimensions
- Instance Metrics and Dimensions
- Service Metrics and Dimensions
- Restrictions
- Privacy and Sensitive Information Protection Statement
- Relationships Between AOM and Other Services
- Basic Concepts
- Permissions
- Getting Started
- Permissions Management
- Connecting Resources to AOM
- Monitoring Overview
- Alarm Management
- Resource Monitoring
- Log Management
- Configuration Management
- Auditing
- Upgrading to AOM 2.0
-
FAQs
- User FAQs
-
Consultation FAQs
- What Are the Usage Restrictions of AOM?
- What Are the Differences Between AOM and APM?
- How Do I Distinguish Alarms from Events?
- What Is the Relationship Between the Time Range and Statistical Cycle?
- Does AOM Display Logs in Real Time?
- How Can I Do If I Cannot Receive Any Email Notification After Configuring a Threshold Rule?
- Why Are Connection Channels Required?
-
Usage FAQs
- What Can I Do If I Do Not Have the Permission to Access SMN?
- What Can I Do If Resources Are Not Running Properly?
- How Do I Set the Full-Screen Online Duration?
- How Do I Obtain an AK/SK?
- How Can I Check Whether a Service Is Available?
- Why Is the Status of an Alarm Rule Displayed as "Insufficient"?
- Why the Status of a Workload that Runs Normally Is Displayed as "Abnormal" on the AOM Page?
- How Do I Create the apm_admin_trust Agency?
- What Can I Do If an ICAgent Is Offline?
- Why Is "no crontab for root" Displayed During ICAgent Installation?
- Change History
-
Service Overview
-
User Guide (2.0) (Kuala Lumpur Region)
- Service Overview
- Getting Started
- Introduction
- Access Center
- Dashboard
- Alarm Management
-
Metric Analysis
- Metric Browsing
- Prometheus Monitoring
- Resource Usage Statistics
- Log Analysis (Beta)
- Container Insights
- Infrastructure Monitoring
- Process Monitoring
- Collection Management
- Configuration Management
- Remarks
- Permissions Management
- Auditing
- Upgrading to AOM 2.0
-
FAQs
- Overview
- Dashboard
- Alarm Management
- Log Analysis
- Prometheus Monitoring
- Container Insights
- Application Monitoring
-
Collection Management
- Are ICAgent and UniAgent the Same?
- What Can I Do If an ICAgent Is Offline?
- Why Is an Installed ICAgent Displayed as "Abnormal" on the Agent Management Page?
- Why Can't I View the ICAgent Status After It Is Installed?
- Why Can't AOM Monitor CPU and Memory Usage After ICAgent Is Installed?
- How Do I Obtain an AK/SK?
- FAQs About ICAgent Installation
- Other FAQs
- Change History
-
API Reference (Kuala Lumpur Region)
- Before You Start
- API Overview
- Calling APIs
-
APIs
-
Alarm
- Querying the Event Alarm Rule List
- Adding an Event Alarm Rule
- Modifying an Event Alarm Rule
- Deleting an Event Alarm Rule
- Obtaining the Alarm Sending Result
- Deleting a Silence Rule
- Adding a Silence Rule
- Modifying a Silence Rule
- Obtaining the Silence Rule List
- Querying an Alarm Action Rule Based on Rule Name
- Adding an Alarm Action Rule
- Deleting an Alarm Action Rule
- Modifying an Alarm Action Rule
- Querying the Alarm Action Rule List
- Querying Events and Alarms
- Counting Events and Alarms
- Reporting Events and Alarms
-
Monitoring
- Querying Time Series Objects
- Querying Time Series Data
- Querying Metrics
- Querying Monitoring Data
- Adding Monitoring Data
- Adding or Modifying One or More Service Discovery Rules
- Deleting a Service Discovery Rule
- Querying Existing Service Discovery Rules
- Adding a Threshold Rule
- Querying the Threshold Rule List
- Modifying a Threshold Rule
- Deleting a Threshold Rule
- Querying a Threshold Rule
- Deleting Threshold Rules in Batches
- Log
-
Alarm
- Examples
- Permissions Policies and Supported Actions
- Appendix
- Change History
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- User Guide
-
FAQs
- What Can I Do If an ICAgent Is Offline?
- Obtaining an AK/SK
- What Is the Relationship Between the Time Range and Statistical Cycle?
- What Can I Do If Resources Are Not Running Properly?
- How Can I Do If I Do Not Have the Permission to Access SMN?
- How Do I Distinguish Alarms and Events?
- Does AOM Display Logs in Real Time?
- How Can I Check Whether a Service Is Available?
- Why Is the Status of an Alarm Rule Displayed as "Insufficient"?
- Why the Status of a Workload that Runs Normally Is Abnormal on the AOM Page?
-
API Reference(ME-Abu Dhabi Region)
- Before You Start
- API Overview
- Calling APIs
-
APIs
-
Monitoring (v1)
- Querying Metrics
- Querying Monitoring Data
- Adding Monitoring Data
- Adding a Threshold Rule
- Modifying a Threshold Rule
- Querying the Threshold Rule List
- Querying a Threshold Rule
- Deleting a Threshold Rule
- Adding or Modifying One or More Application Discovery Rules
- Deleting an Application Discovery Rule
- Querying Application Discovery Rules
- Auto Scaling
- Log
-
Monitoring (v1)
- Permissions Policies and Supported Actions
- Appendix
-
User Guide (Ankara Region)
- Service Overview
- Getting Started
- User Guide
-
FAQs
- What Can I Do If an ICAgent Is Offline?
- How Do I Obtain an AK/SK?
- What Can I Do If Resources Are Not Running Properly?
- How Can I Do If I Do Not Have the Permission to Access SMN?
- How Do I Distinguish Alarms from Events?
- Does AOM Display Logs in Real Time?
- Why Is the Application Status Normal but the Component Status Abnormal?
- Best Practices
- Change History
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- Calling APIs
-
APIs
-
Monitoring (v1)
- Querying Metrics
- Querying Monitoring Data
- Adding Monitoring Data
- Adding a Threshold Rule
- Modifying a Threshold Rule
- Querying the Threshold Rule List
- Querying a Threshold Rule
- Deleting a Threshold Rule
- Adding or Modifying One or More Application Discovery Rules
- Deleting an Application Discovery Rule
- Querying Application Discovery Rules
- Monitoring (v2)
- Auto Scaling
- Log
- Events/Alarms
- Agent
- Application Discovery Rules
-
Prometheus Monitoring
- Querying Expression Calculation Results in a Specified Period
- Querying the Expression Calculation Result at a Specified Time Point
- Querying Tag Values
- Obtaining the Tag Name List
- Querying Metadata
- Querying the Calculation Results of a PromQL Expression in a Specified Period Based on Prometheus Instance
- Querying the Calculation Result of a PromQL Expression at a Specified Time Point Based on Prometheus Instance
- Querying the Values of a Tag Based on Prometheus Instance
- Obtaining the Tag Name List Based on Prometheus Instance
- Querying Metadata Based on Prometheus Instance
-
Monitoring (v1)
- Appendix
- Change History
-
User Guide (1.0) (Kuala Lumpur Region)
- General Reference
Show all
Copied.
Permissions
If you need to assign different permissions to employees in your enterprise to access your AOM resources, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your AOM resources.
With IAM, you can use your account to create IAM users for your employees, and assign permissions to the users to control their access to specific types of resources. For example, some software developers in your enterprise need to use AOM resources but are not allowed to delete them or perform any high-risk operations such as deleting application discovery rules. To achieve this result, you can create IAM users for the software developers and grant them only the permissions required for using AOM resources.
If your cloud account does not need individual IAM users for permissions management, you may skip over this chapter.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.
AOM Permissions
By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies or roles to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the user can perform specified operations on AOM.
AOM is a project-level service deployed and accessed in specific physical regions. To assign AOM permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing AOM, the users need to switch to a region where they have been authorized to use this service.
You can grant users permissions by using roles and policies.
- Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to grant permissions, you also need to assign dependency roles. However, roles are not an ideal choice for fine-grained authorization and secure access control.
- Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, you can grant Elastic Cloud Server (ECS) users only the permissions for managing a certain type of ECSs. Most policies define permissions based on APIs. For the API actions supported by AOM, see Permissions Policies and Supported Actions.
Policy Name |
Description |
Type |
Depended System Permissions |
---|---|---|---|
AOM FullAccess |
Administrator permissions for AOM. Users granted these permissions can operate and use AOM. |
System-defined policy |
CCE Administrator, OBS Administrator, and LTS FullAccess |
AOM ReadOnlyAccess |
Read-only permissions for AOM. Users granted these permissions can only view AOM data. |
System-defined policy |
Table 2 lists the common operations supported by each system-defined policy of AOM. Please choose proper system-defined policies according to this table.
Operation |
AOM FullAccess |
AOM ReadOnlyAccess |
---|---|---|
Creating a threshold rule |
√ |
x |
Modifying a threshold rule |
√ |
x |
Deleting a threshold rule |
√ |
x |
Creating a threshold template |
√ |
x |
Modifying a threshold template |
√ |
x |
Deleting a threshold template |
√ |
x |
Creating a dashboard |
√ |
x |
Modifying a dashboard |
√ |
x |
Deleting a dashboard |
√ |
x |
Creating an alarm action rule |
√ |
x |
Modifying an alarm action rule |
√ |
x |
Deleting an alarm action rule |
√ |
x |
Creating a message template |
√ |
x |
Modifying a message template |
√ |
x |
Deleting a message template |
√ |
x |
Creating a grouping rule |
√ |
x |
Modifying a grouping rule |
√ |
x |
Deleting a grouping rule |
√ |
x |
Creating a suppression rule |
√ |
x |
Modifying a suppression rule |
√ |
x |
Deleting a suppression rule |
√ |
x |
Creating a silence rule |
√ |
x |
Modifying a silence rule |
√ |
x |
Deleting a silence rule |
√ |
x |
Creating an application discovery rule |
√ |
x |
Modifying an application discovery rule |
√ |
x |
Deleting an application discovery rule |
√ |
x |
Exporting a monitoring report |
√ |
√ |
Configuring a VM log collection path |
√ |
x |
Viewing bucket logs |
√ |
√ |
Adding a log dump |
√ |
x |
Modifying a log dump |
√ |
x |
Deleting a log dump |
√ |
x |
Starting periodical dump |
√ |
x |
Stopping periodical dump |
√ |
x |
Creating a statistical rule |
√ |
x |
Modifying a statistical rule |
√ |
x |
Deleting a statistical rule |
√ |
x |
Configuring a delimiter |
√ |
x |
Installing the ICAgent |
√ |
√ |
Upgrading the ICAgent |
√ |
x |
Uninstalling the ICAgent |
√ |
x |
To use a custom fine-grained policy, log in to IAM as the administrator and select fine-grained permissions of AOM as required. For details, see Table 3
Permission Name |
Description |
Dependency |
Scenario |
---|---|---|---|
aom:alarmRule:create |
Creating a threshold rule |
N/A |
Creating a threshold rule |
aom:alarmRule:set |
Modifying a threshold rule |
Modifying a threshold rule |
|
aom:alarmRule:get |
Querying threshold rules |
Querying all threshold rules or a single threshold rule by rule ID |
|
aom:alarmRule:delete |
Deleting threshold rules |
Deleting threshold rules in batches or a single threshold rule by rule ID |
|
aom:discoveryRule:list |
Querying application discovery rules |
Querying existing application discovery rules |
|
aom:discoveryRule:delete |
Deleting an application discovery rule |
Deleting an application discovery rule |
|
aom:discoveryRule:set |
Adding an application discovery rule |
Adding an application discovery rule |
|
aom:metric:list |
Querying time series objects |
Querying time series objects |
|
aom:metric:list |
Querying time series data |
Querying time series data |
|
aom:metric:get |
Querying metrics |
Querying metrics |
|
aom:metric:get |
Querying monitoring data |
Querying monitoring data |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot