Permission Management
If you want to manage employee access to DataArts Insight resources in your business with a high level of control, IAM is an excellent option for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, allowing you to manage accesses to your Huawei cloud resources.
With IAM, you can use your Huawei cloud account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types. For example, if you want some software developers in your business to be able to use DataArts Insight resources but do not want them to be able to delete DataArts Insight resources or perform any other high-risk operations, you can create IAM users and grant permission to use DataArts Insight resources but not permission to delete them.
If your Huawei Cloud account does not need individual IAM users for permissions management, skip over this section.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.
DataArts Insight Permissions
By default, new IAM users do not have any permissions. You need to add them to one or more groups and attach permissions policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.
DataArts Insight is a project-level service deployed in specific regions. To assign DataArts Insight permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to apply. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing DataArts Insight, the users need to switch to the authorized region.
- Roles: A coarse-grained authorization strategy that defines permissions by job responsibility. Only a limited number of service-level roles are available for authorization. If one role has a dependency role required for accessing SA, assign both roles to the users. Roles are not ideal for fine-grained authorization and least privilege access.
- Policies: A fine-grained authorization strategy that defines permissions required to perform operations on specific cloud resources under certain conditions. This type of authorization is more flexible and ideal for secure access control. For example, you can grant users only permission to manage a certain type of DataArts Insight instances.
|
Role/Policy Name |
Description |
Type |
|---|---|---|
|
DataArts Insight FullAccess |
Administrator permissions for DataArts Insight. Users with these permissions have full permissions for DataArts Insight, such as managing DataArts Insight projects and creating resources. |
System-defined policy |
|
DataArts Insight DevelopAccess |
Developer permissions for DataArts Insight. Users with these permissions can create data sources, datasets, dashboards, large screens, and more. |
System-defined policy |
|
DataArts Insight AnalysisAccess |
Analyst permissions for DataArts Insight. Users with these permissions can use created datasets to create dashboards and large screens. |
System-defined role |
|
DataArts Insight ReadOnlyAccess |
Read-only permissions for DataArts Insight. Users with these permissions can only view DataArts Insight resources like dashboards and large screens. |
System-defined role |
Table 2 lists the common operations supported by each system policy. You can choose required system policies according to this table.
|
Resource |
Operation |
DataArts Insight FullAccess |
DataArts Insight DevelopAccess |
DataArts Insight AnalysisAccess |
DataArts Insight ReadOnlyAccess |
|---|---|---|---|---|---|
|
Project |
Creating a project |
Y |
N |
N |
N |
|
Deleting a project |
Y |
N |
N |
N |
|
|
Editing a project |
Y |
N |
N |
N |
|
|
Listing projects |
Y |
N |
N |
N |
|
|
User tag |
Creating a user tag |
Y |
N |
N |
N |
|
Updating a user tag |
Y |
N |
N |
N |
|
|
Deleting a user tag |
Y |
N |
N |
N |
|
|
Listing user tags |
Y |
N |
N |
N |
|
|
Data source |
Creating a data source |
Y |
Y |
N |
N |
|
Editing a data source |
Y |
Y |
N |
N |
|
|
Listing data sources |
Y |
Y |
N |
N |
|
|
Querying details about a data source |
Y |
Y |
N |
N |
|
|
Uploading a file |
Y |
Y |
N |
N |
|
|
Listing files |
Y |
Y |
N |
N |
|
|
Deleting a file |
Y |
Y |
N |
N |
|
|
Dataset |
Creating a dataset |
Y |
Y |
N |
N |
|
Editing a dataset |
Y |
Y |
N |
N |
|
|
Listing datasets |
Y |
Y |
Y |
N |
|
|
Querying details about a dataset |
Y |
Y |
Y |
N |
|
|
Deleting a dataset |
Y |
Y |
N |
N |
|
|
Enabling row and column permissions |
Y |
Y |
N |
N |
|
|
Listing permissions |
Y |
Y |
N |
N |
|
|
Updating row and column permissions |
Y |
Y |
N |
N |
|
|
Deleting row and column permissions |
Y |
Y |
N |
N |
|
|
Dashboard |
Creating a dashboard |
Y |
Y |
Y |
N |
|
Editing a dashboard |
Y |
Y |
Y |
N |
|
|
Listing dashboards |
Y |
Y |
Y |
Y |
|
|
Querying details about a dashboard |
Y |
Y |
Y |
Y |
|
|
Deleting a dashboard |
Y |
Y |
Y |
N |
|
|
Publishing a dashboard |
Y |
Y |
Y |
N |
|
|
Taking a dashboard offline |
Y |
Y |
Y |
N |
|
|
Exporting report data |
Y |
Y |
Y |
Y |
|
|
Large screen |
Creating a large screen |
Y |
Y |
Y |
N |
|
Editing a large screen |
Y |
Y |
Y |
N |
|
|
Listing large screens |
Y |
Y |
Y |
Y |
|
|
Querying details about a large screen |
Y |
Y |
Y |
Y |
|
|
Deleting a large screen |
Y |
Y |
Y |
N |
|
|
Publishing a large screen |
Y |
Y |
Y |
N |
|
|
Taking a large screen offline |
Y |
Y |
Y |
N |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
