Permission Setting
If you need to assign different permissions to employees in your enterprise to access your CodeArts Deploy resources purchased on Huawei Cloud, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, fine-grained permissions management, and access control. It helps you secure access to your Huawei Cloud resources. If your Huawei Cloud account does not require IAM for permissions management, you can skip this section.
IAM is a free service provided by Huawei Cloud. You only pay for the resources in your account.
With IAM, you can control access to specific Huawei Cloud resources. For example, you can use IAM to grant different permissions to software developers in your enterprise to avoid high-risk operations, such as deletion of CodeArts Deploy.
IAM supports identity policy-based authorization. For details, see Table 1.
|
Authorization Model |
Core Relationship |
Permission |
Authorization Method |
Scenario |
|---|---|---|---|---|
|
Identity policy-based authorization |
User-policy |
|
|
Administrators can customize access control policies based on service requirements to implement fine-grained and flexible permission control. It provides more granular and flexible authorization methods for users. However, this model has higher requirements on permission management and professional capabilities. Therefore, it is more suitable for medium and large enterprises. |
Identity Policy-based Authorization
CodeArts Deploy supports identity policy-based authorization. Table 2 lists all identity policies in CodeArts Deploy.
|
Identity Policy Name |
Description |
Type |
|---|---|---|
|
CodeArtsDeployReadOnlyPolicy |
Read-only permission |
System identity policy |
|
CodeArtsDeployFullAccessPolicy |
Full permissions |
System identity policy |
|
CodeArtsDeployServiceAgencyPolicy |
Trust permissions for the CodeArts Deploy application agency. |
System identity policy |
Table 3 lists the common operations supported by system identity policies for CodeArts Deploy.
|
Operation |
CodeArts Deploy Read Only Policy |
CodeArts Deploy Full Access Policy |
|---|---|---|
|
Checking template details |
√ |
√ |
|
Checking application details |
√ |
√ |
|
Checking environment details |
√ |
√ |
|
Checking basic resources |
√ |
√ |
|
Checking the template lists |
√ |
√ |
|
Checking the application list |
√ |
√ |
|
Checking the application group list |
√ |
√ |
|
Checking the environment list |
√ |
√ |
|
Checking the basic resources list |
√ |
√ |
|
Creating templates |
× |
√ |
|
Deleting templates |
× |
√ |
|
Updating templates |
× |
√ |
|
Creating applications |
× |
√ |
|
Deleting applications |
× |
√ |
|
Updating applications |
× |
√ |
|
Disabling applications |
× |
√ |
|
Deploying applications |
× |
√ |
|
Cloning applications |
× |
√ |
|
Modifying application permission configurations |
× |
√ |
|
Managing application groups |
× |
√ |
|
Creating environments |
× |
√ |
|
Deleting environments |
× |
√ |
|
Updating environments |
× |
√ |
|
Modifying the permission configurations of deployment environments |
× |
√ |
|
Creating basic resources |
× |
√ |
|
Deleting basic resources |
× |
√ |
|
Modifying basic resources |
× |
√ |
|
Adding hosts to basic resources |
× |
√ |
|
Cloning hosts from basic resources |
× |
√ |
|
Configuring permissions for basic resources |
× |
√ |
Links
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
