Identity Authentication and Access Control

Identity Authentication

You can access CloudTable through the CloudTable console or CloudTable APIs. In either way, access requests are sent through the RESTful APIs provided by CloudTable.

CloudTable APIs can be accessed upon successful authentication. Requests sent through the CloudTable console and requests for calling APIs can both be authenticated using tokens.

Access Control

You can use Identity and Access Management (IAM) to implement fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your Huawei Cloud resources.

For more information about IAM, see IAM Service Overview.

You can grant permissions by using roles and policies.

• Roles: A coarse-grained authorization mechanism provided by IAM to define permissions based on job responsibilities. This mechanism provides a limited number of service-level roles for authorization. When using roles to grant permissions, you also need to assign the roles that the permissions depend on. Roles are not ideal for fine-grained authorization and least privilege access.
• Policies: A fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This type of authorization is more flexible and is ideal for secure access control. For example, a specific user group is not allowed to delete a cluster. Only basic CloudTable operations (such as creating and querying jobs) are allowed.

Table 1 lists all the system-defined roles and policies supported by CloudTable.