Identity Authentication and Access Control

Identity Authentication

You can access DataArts Insight through the DataArts Insight console or open APIs. In either way, access requests are sent through the RESTful APIs provided by DataArts Insight.

DataArts Insight APIs can be accessed upon successful authentication. Requests sent through the DataArts Insight console and requests for calling APIs can both be authenticated using tokens.

Access Control

You can use Identity and Access Management (IAM) to implement fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your HUAWEI CLOUD resources.

For more information about IAM, see IAM Service Overview.

You can grant users permissions by using roles and policies.

• Roles: A coarse-grained authorization mechanism provided by IAM to define permissions based on job responsibilities. Only a limited number of service-level roles are available. When using roles to grant permissions, you also need to assign the roles that the permissions depend on. Roles are not ideal for fine-grained authorization and secure access control.
• Policies: A fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This type of authorization is more flexible and is ideal for secure access control. For example, a specific user group is not allowed to delete a cluster. Only basic DataArts Insight operations (such as creating and querying jobs) are allowed.

Table 1 lists all the system-defined policies supported by DataArts Insight.