Help Center/ CloudTable Service/ Service Overview/ Security/ Identity Authentication and Access Control
Updated on 2025-08-19 GMT+08:00

Identity Authentication and Access Control

Identity Authentication

You can access CloudTable through the CloudTable console or CloudTable APIs. In either way, access requests are sent through the RESTful APIs provided by CloudTable.

CloudTable APIs can be accessed upon successful authentication. Requests sent through the CloudTable console and requests for calling APIs can both be authenticated using tokens.

Access Control

You can use Identity and Access Management (IAM) to implement fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your Huawei Cloud resources.

For more information about IAM, see IAM Service Overview.

You can grant permissions by using roles and policies.

  • Roles: A coarse-grained authorization mechanism provided by IAM to define permissions based on job responsibilities. This mechanism provides a limited number of service-level roles for authorization. When using roles to grant permissions, you also need to assign the roles that the permissions depend on. Roles are not ideal for fine-grained authorization and least privilege access.
  • Policies: A fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This type of authorization is more flexible and is ideal for secure access control. For example, a specific user group is not allowed to delete a cluster. Only basic CloudTable operations (such as creating and querying jobs) are allowed.

Table 1 lists all the system-defined roles and policies supported by CloudTable.

Table 1 CloudTable system-defined role

System-Defined Role

Description

Category

Dependencies

cloudtable Administrator

Administrator permissions for CloudTable

System-defined role

The Tenant Guest and Server Administrator roles need to be assigned in the same project.