Permissions Management
If your cloud account does not need individual IAM users for permissions management, you may skip over this chapter.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.
DIS Permissions
By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups and assign roles to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the user can perform the specified operations.
DIS is a project-level service deployed in specific physical regions. DIS permissions are assigned to users in specific regions and only take effect for these regions. If you want the permissions to take effect for all regions, you need to assign the permissions to users in each region. When accessing DIS, the users need to switch to a region where they have been authorized to use cloud services.
Roles: A coarse-grained authorization mechanism provided by IAM to define permissions based on job responsibilities. Only a limited number of service-level roles are available for authorization. When you grant permissions using roles, you must also assign any other roles on which those permissions depend for them to take effect. Roles are not an ideal choice for fine-grained authorization and secure access control.
Table 1 lists all the system permissions supported by DIS. Dependencies are permissions on which a system permission depends to take effect. For example, some DIS permissions are dependent on the permissions of other services. When assigning DIS permissions to users, you need to also assign dependent policies for the DIS permissions to take effect.
| System Role | Type | Description | Dependencies |
|---|---|---|---|
| DIS Administrator | System-defined role | Administrator permissions for DIS. Users granted these permissions can operate and use all DIS resources. | N/A |
| DIS Operator | System-defined role | Stream management permissions for DIS. Users granted these permissions can manage streams, such as creating or deleting streams, but cannot upload or download data. | N/A |
| DIS User | System-defined role | Stream use permissions for DIS. Users granted these permissions can upload and download data but cannot manage streams. | N/A |
Table 2 lists the common operations supported by each system permission of DIS. Choose the appropriate system permissions according to this table.
| Operation | DIS Administrator | DIS Operator | DIS User |
|---|---|---|---|
| Creating streams | √ | √ | x |
| Deleting streams | √ | √ | x |
| Querying the stream list | √ | √ | √ |
| Querying stream details | √ | √ | √ |
| Viewing stream monitoring information | √ | √ | √ |
| Querying partition monitoring information | √ | √ | √ |
| Obtaining stream consumption information | √ | √ | √ |
| Changing partition quantity | √ | √ | x |
| Uploading data | √ | x | √ |
| Obtaining data cursors | √ | x | √ |
| Downloading data | √ | x | √ |
| Creating applications | √ | √ | √ |
| Querying application details | √ | √ | √ |
| Querying the application list | √ | √ | √ |
| Deleting applications | √ | √ | √ |
| Adding a checkpoint | √ | x | √ |
| Querying checkpoint details | √ | √ | √ |
| Deleting checkpoints | √ | x | √ |
| Creating dump tasks | √ | √ | √ |
| Querying dump task details | √ | √ | √ |
| Querying the dump task list | √ | √ | √ |
| Deleting dump tasks | √ | √ | √ |
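One way to apply Table 2 when reviewing group assignments, as an added example that is not part of the DIS documentation or any DIS API: it picks the role that covers a set of required operations with the fewest unused grants, and flags a user whose groups together reach every listed operation without holding DIS Administrator. The function names are hypothetical, and the union model assumes roles only grant (as in "inherits permissions from the groups it is a member of").

```python
# Added example: Table 2 transcribed as three groups of operations.
COMMON = {  # granted to all three roles in Table 2
    "Querying the stream list", "Querying stream details",
    "Viewing stream monitoring information",
    "Querying partition monitoring information",
    "Obtaining stream consumption information",
    "Creating applications", "Querying application details",
    "Querying the application list", "Deleting applications",
    "Querying checkpoint details", "Creating dump tasks",
    "Querying dump task details", "Querying the dump task list",
    "Deleting dump tasks",
}
MANAGE = {"Creating streams", "Deleting streams", "Changing partition quantity"}
DATA = {"Uploading data", "Obtaining data cursors", "Downloading data",
        "Adding a checkpoint", "Deleting checkpoints"}
ROLES = {
    "DIS Administrator": COMMON | MANAGE | DATA,
    "DIS Operator": COMMON | MANAGE,
    "DIS User": COMMON | DATA,
}

def least_privileged_role(needed):
    """Return (role, unused grants) for the role that covers `needed`
    while granting the fewest operations beyond it."""
    needed = set(needed)
    unknown = needed - ROLES["DIS Administrator"]
    if unknown:
        raise ValueError(f"not listed in Table 2: {sorted(unknown)}")
    covering = [(len(ops - needed), role)
                for role, ops in ROLES.items() if needed <= ops]
    _, role = min(covering)  # DIS Administrator always covers, so never empty
    return role, sorted(ROLES[role] - needed)

def effective_operations(roles):
    """Operations a user holds when their groups carry these roles (union)."""
    return set().union(*(ROLES[r] for r in roles))

def admin_equivalent(roles):
    """True when the roles combine to every Table 2 operation
    although DIS Administrator itself was never assigned."""
    return ("DIS Administrator" not in roles
            and effective_operations(roles) == ROLES["DIS Administrator"])

if __name__ == "__main__":
    print(least_privileged_role({"Uploading data", "Downloading data"}))
    print(admin_equivalent(["DIS Operator", "DIS User"]))
```

A user placed in both a DIS Operator group and a DIS User group can perform every operation in Table 2, so group membership needs to be reviewed as a whole, not role by role.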