- What's New
- Function Overview
- Service Overview
- Billing
-
Getting Started
- Creating a Function from Scratch and Executing the Function
- Creating a Function Using a Template and Executing the Function
- Creating an HTTP Function Using a Container Image and Executing the Function
- Creating an Event Function Using a Container Image and Executing the Function
- Getting Started with Common Practices
-
User Guide
- Replacing the Temporary AK/SK
- Before You Start
- Building Functions
-
Configuring Functions
- Configuring Initialization
- Configuring Basic Settings
- Configuring Agency Permissions
- Configuring the Network
- Configuring Disk Mounting
- Configuring Environment Variables
- Configuring Asynchronous Execution Notification
- Configuring Single-Instance Multi-Concurrency
- Managing Versions
- Managing Aliases
- Configuring Dynamic Memory
- Configuring Heartbeat Function
- Configuring Tags
- Configuring Snapshot-based Cold Start
- Configuring a Log Group and Log Stream
- Shared VPC
- Online Debugging
-
Creating Triggers
- Managing Triggers
- Using a Timer Trigger
- Using an APIG (Dedicated) Trigger
- Using a Kafka Trigger
- Using a DIS Trigger
- Using an SMN Trigger
- Using an LTS Trigger
- Using a CTS Trigger
- Using a DDS Trigger
- Using a GeminiDB Mongo Trigger
- Using an APIG Trigger
- Using an APIC Trigger
- Using a DMS (for RabbitMQ) Trigger
- Using an Open-Source Kafka Trigger
- Cron Expressions for a Function Timer Trigger
- Using an EG Trigger
- Invoking the Function
- Monitoring
- Function Management
- Dependency Management
- Reserved Instance Management (Old)
- Reserved Instance Management
- Flow Management
- Increasing Resource Quota
- GPU Function Management
- Application Center
- Sharing
- Programmable CDN Function
- CLI Command Reference
- Audit
-
Best Practices
- FunctionGraph Best Practices
- Processing DIS Data
- Integrating with LTS to Analyze Logs in Real Time
- Integrating with CTS to Analyze Login/Logout Security
- Periodically Starting or Stopping Huawei Cloud ECSs
- Building an HTTP Function with Spring Boot
- Creating a FunctionGraph Backend API That Uses a Custom Authorizer
- Uploading Files with FunctionGraph and APIG
- Processing IoT Data
- Workflow + Function: Automatically Processing Data in OBS
- Filtering Logs in Real Time by Using FunctionGraph and LTS
- Building an HTTP Function with Go
- Using FunctionGraph HTTP Functions to Process gRPC Requests
- Cold Start Optimization Practices
-
Developer Guide
- Overview
- Initializer
- Node.js
- Python
- Java
- Go
- C#
- PHP
- Development Tools
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Examples
- Extension and OpenTelemetry APIs
-
APIs
- Function Invocation
- Function Quotas
- Dependencies
- Test Events
- Function Tracing
-
Function Lifecycle Management
- Querying Functions
- Creating a Function
- Deleting a Function or Function Version
- Querying the Code of a Function
- Modifying the Code of a Function
- Querying the Metadata of a Function
- Modifying the Metadata of a Function
- Updating Max. Instances of a Function
- Querying Function Tags
- Enabling or Disabling the Snapshot Function
- Querying ServiceBridge Functions Bound to a Specified Function
- Querying Snapshot Status
- Querying Resource Tags
- Querying Resources
- Deleting Resource Tags
- Creating Resource Tags
- Creating a VPC Endpoint
- Deleting a VPC Endpoint
- Updating the Pinning Status of a Function
- Querying the Available ServiceBridge Version
- Versions and Aliases
- Function Metrics
- Function Logs
- Function Templates
- Reserved Instances
- Function Import and Export
- Function Triggers
-
Function Flows
- Executing a Flow Synchronously
- Executing a Flow Asynchronously
- Deleting Flows
- Querying a Flow
- Creating a Flow
- Querying Instances of a Flow
- Querying a Flow Instance
- Querying Metadata of a Flow Instance
- Modifying Metadata of a Flow Instance
- Querying Flow Metrics
- Querying Metrics of a Flow
- Re-executing a Flow
- Stopping a Flow
- Querying Records of a Flow in Pagination Mode
- Calling Back a Flow
-
Asynchronous Execution Notification
- Querying Asynchronous Execution Notification Settings of a Function Version
- Deleting Asynchronous Execution Notification Settings
- Configuring Asynchronous Execution Notification
- Querying Asynchronous Execution Notification Settings of a Function's All Versions
- Querying Asynchronous Invocation Requests
- Querying Active Asynchronous Invocation Requests
- Stopping an Asynchronous Invocation Request
- Permissions Policies and Supported Actions
- Appendix
- Change History
- SDK Reference
-
FAQs
-
General FAQs
- What Is FunctionGraph?
- Do I Need to Apply for Any Compute, Storage, or Network Services When Using FunctionGraph?
- Do I Need to Deploy My Code After Programming?
- How Do I Obtain a Token?
- What Runtimes Does FunctionGraph Support?
- How Much Disk Space Is Allocated to Each FunctionGraph Function?
- Does FunctionGraph Support Function Versioning?
- How Does a Function Read or Write Files?
- How Do I Set a Proxy When Using CLI?
- Does FunctionGraph Support Function Extension?
- Which Permissions Are Required for an IAM User to Use FunctionGraph?
- How Can I Create an ODBC Drive-based Python Dependency Package for Database Query?
- What Is the Quota of FunctionGraph?
- What Chinese Fonts Does FunctionGraph Support?
- How Does FunctionGraph Resolve a Private DNS Domain Name?
- How Does a Container Image–based Function Resolve a Private DNS Domain Name?
- How Do I Use a Domain Name to Access an API Registered with API Gateway (Dedicated)?
- What Are the Common Application Scenarios of FunctionGraph?
- Why Can't the API Gateway Domain Name Bound to a Service Be Resolved During Function Invocation?
- Does FunctionGraph Support Synchronous Transmission at the Maximum Intranet Bandwidth?
- What If the VPC Quota Is Used Up?
- How Can I Print Info, Error, or Warn Logs?
- Can I Set the Domain Name of an API to My Own Domain Name?
- Can I Change the Runtime?
- Can I Change a Function's Name?
- Why Is Message "failed to mount exist system path" Displayed?
- How Do I Obtain Uploaded Files?
- Why Can't I Receive Responses for Synchronous Invocation?
- What Should I Do If the os.system("command &") Execution Logs Are Not Collected?
- Which Directories Can Be Accessed When a Custom Runtime Is Used?
- Which Minor Versions of Python 3.6 and 3.9 Are Supported?
- Which Actions Can Be Used Instead of a VPC Administrator Agency for VPC Access?
- What Are the Possible Causes for Function Timeout?
- How Do I Obtain the Code of a Function?
- Do You Have Sample Code for Initializers?
- How Do I Enable Structured Log Query?
- Can I Enable a Listening Port in a Function to Receive External TCP Requests via EIP?
- Does FunctionGraph Support Domain Name Resolution?
- How Do I Obtain the Source IP Address of an HTTP Request Initiated by a Function?
- Function Creation FAQs
-
Trigger Management FAQs
- What Events Can Trigger a FunctionGraph Function?
- What If Error Code 500 Is Reported When Functions that Use APIG Triggers Return Strings?
- What Do LATEST and TRIM_HORIZON Mean in DIS Trigger Configuration?
- How Do I Use an APIG Trigger to Invoke a Function?
- How Does a Function Obtain the Request Path or Parameters When Using an APIG Trigger?
- Can I Configure a Kafka Trigger in a Different Subnet from My Function?
-
Dependency Management FAQs
- What Is a Dependency?
- When Do I Need a Dependency?
- What Are the Precautions for Using a Dependency?
- What Dependencies Does FunctionGraph Support?
- Does FunctionGraph Support Class Libraries?
- How Do I Use Third-Party Dependencies on FunctionGraph?
- How Do I Create Function Dependencies?
- How Do I Create a Dependency on the FunctionGraph Console?
- How Do I Add a Dependency to a Function?
-
Function Execution FAQs
- How Long Does It Take to Execute a FunctionGraph Function?
- Which Steps Are Included in Function Execution?
- How Does FunctionGraph Process Concurrent Requests?
- What If Function Instances Have Not Been Executed for a Long Time?
- How Can I Speed Up Initial Access to a Function?
- How Do I Know the Actual Memory Used for Function Execution?
- Why Is My First Request Slow?
- What Do I Do If an Error Occurs When Calling an API?
- How Do I Read the Request Header of a Function?
- Can the Synchronous Execution Interface Be Invoked on a Private Network?
- Why Does a Function Use More Memory Than Estimated and Even Trigger the Out of Memory Alarm?
- How Do I Check the Memory Usage When Seeing "runtime memory limit exceeded"?
- How Do I Troubleshoot "CrashLoopBackOff"?
- After I Updated an Image with the Same Name, Reserved Instances Still Use the Old Image. What Can I Do?
- Function Configuration FAQs
- External Resource Access FAQs
-
Other FAQs
- How Do I View the Alarm Rules Configured for a Function?
- Does FunctionGraph Support ZIP Decompiling During Video Transcoding?
- Will Resources Created During FunctionGraph 2.0 OBT Be Automatically Released When They Expire? Will Them Be Billed?
- What Is an App in FunctionGraph?
- Do I Need to Pay for Cold Start Time?
- Why Am I Seeing a Message Indicating that My Account Was Suspended When Creating a Function?
- Will the Requests of All My Functions in Different Regions Be Billed?
- Migration from FunctionGraph V1 to V2
-
General FAQs
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Getting Started
- Before You Start
- Building Functions
-
Configuring Functions
- Configuring Initialization
- Configuring Basic Settings
- Configuring Agency Permissions
- Configuring the Network
- Configuring Disk Mounting
- Configuring Environment Variables
- Configuring Asynchronous Execution Notification
- Configuring Single-Instance Multi-Concurrency
- Managing Versions
- Managing Aliases
- Configuring Dynamic Memory
- Configuring Heartbeat Function
- Online Debugging
- Creating Triggers
- Invoking the Function
- Monitoring
- Function Management
- Dependency Management
- Reserved Instance Management
- Increasing Resource Quota
- Audit
-
FAQs
-
General FAQs
- What Is FunctionGraph?
- Do I Need to Apply for Any Compute, Storage, or Network Services When Using FunctionGraph?
- Do I Need to Deploy My Code After Programming?
- What Runtimes Does FunctionGraph Support?
- How Much Disk Space Is Allocated to Each FunctionGraph Function?
- Does FunctionGraph Support Function Versioning?
- How Does a Function Read or Write Files?
- Does FunctionGraph Support Function Extension?
- Which Permissions Are Required for an IAM User to Use FunctionGraph?
- How Can I Create an ODBC Drive-based Python Dependency Package for Database Query?
- What Is the Quota of FunctionGraph?
- How Does FunctionGraph Resolve a Private DNS Domain Name?
- How Does a Container Image–based Function Resolve a Private DNS Domain Name?
- How Do I Use a Domain Name to Access an API Registered with API Gateway (Dedicated)?
- What Are the Common Application Scenarios of FunctionGraph?
- Why Can't the API Gateway Domain Name Bound to a Service Be Resolved During Function Invocation?
- Does FunctionGraph Support Synchronous Transmission at the Maximum Intranet Bandwidth?
- What If the VPC Quota Is Used Up?
- How Can I Print Info, Error, or Warn Logs?
- Can I Set the Domain Name of an API to My Own Domain Name?
- Can I Change the Runtime?
- Can I Change a Function's Name?
- Why Is Message "failed to mount exist system path" Displayed?
- How Do I Obtain Uploaded Files?
- Why Can't I Receive Responses for Synchronous Invocation?
- What Should I Do If the os.system("command &") Execution Logs Are Not Collected?
- Which Directories Can Be Accessed When a Custom Runtime Is Used?
- Which Minor Versions of Python 3.6 and 3.9 Are Supported?
- Which Actions Can Be Used Instead of a VPC Administrator Agency for VPC Access?
- What Are the Possible Causes for Function Timeout?
- How Do I Obtain the Code of a Function?
- Do You Have Sample Code for Initializers?
- How Do I Enable Structured Log Query?
- Can I Enable a Listening Port in a Function to Receive External TCP Requests via EIP?
- Function Creation FAQs
-
Trigger Management FAQs
- What Events Can Trigger a FunctionGraph Function?
- What If Error Code 500 Is Reported When Functions that Use APIG Triggers Return Strings?
- What Do LATEST and TRIM_HORIZON Mean in DIS Trigger Configuration?
- Why Can't I Enable or Disable OBS Triggers by Calling APIs?
- How Do I Use an APIG Trigger to Invoke a Function?
- How Does a Function Obtain the Request Path or Parameters When Using an APIG Trigger?
- Can I Create an OBS Trigger with an Existing Bucket?
-
Dependency Management FAQs
- What Is a Dependency?
- When Do I Need a Dependency?
- What Are the Precautions for Using a Dependency?
- What Dependencies Does FunctionGraph Support?
- Does FunctionGraph Support Class Libraries?
- How Do I Use Third-Party Dependencies on FunctionGraph?
- How Do I Create Function Dependencies?
- How Do I Create a Dependency on the FunctionGraph Console?
- How Do I Add a Dependency to a Function?
-
Function Execution FAQs
- How Long Does It Take to Execute a FunctionGraph Function?
- Which Steps Are Included in Function Execution?
- How Does FunctionGraph Process Concurrent Requests?
- What If Function Instances Have Not Been Executed for a Long Time?
- How Can I Speed Up Initial Access to a Function?
- How Do I Know the Actual Memory Used for Function Execution?
- Why Is My First Request Slow?
- What Do I Do If an Error Occurs When Calling an API?
- How Do I Read the Request Header of a Function?
- Why Does a Function Use More Memory Than Estimated and Even Trigger the Out of Memory Alarm?
- How Do I Check the Memory Usage When Seeing "runtime memory limit exceeded"?
- How Do I Troubleshoot "CrashLoopBackOff"?
- After I Updated an Image with the Same Name, Reserved Instances Still Use the Old Image. What Can I Do?
- Function Configuration FAQs
- External Resource Access FAQs
- Other FAQs
-
General FAQs
-
API Reference (ME-Abu Dhabi Region)
- Before You Start
- API Overview
- Calling APIs
- Function Model Definition
-
Function Management Zone APIs
- Querying a Function List
- Querying the Metadata of a Function
- Querying the Code of a Function
- Creating a Function
- Deleting a Function or Function Version
- Modifying the Code of a Function
- Modifying the Metadata of a Function
- Publishing a Function Version
- Querying the Versions of a Function
- Creating an Alias for a Function Version
- Modifying the Alias Information About a Function Version
- Deleting an Alias of a Function Version
- Querying the Alias Information About a Function Version
- Querying the Version Alias List of a Function
- Querying All Triggers of a Function
- Querying the Information About a Trigger
- Deleting All Triggers of a Function
- Creating a Trigger
- Deleting a Trigger
- Function Data Zone APIs
- Permissions Policies and Supported Actions
- Appendix
- Change History
- Developer Guide (ME-Abu Dhabi Region)
-
User Guide (Kuala Lumpur Region)
- Service Overview
- Getting Started
- Before You Start
- Building Functions
-
Configuring Functions
- Configuring Initialization
- Configuring Basic Settings
- Configuring Agency Permissions
- Configuring the Network
- Configuring Disk Mounting
- Configuring Environment Variables
- Configuring Asynchronous Execution Notification
- Configuring Single-Instance Multi-Concurrency
- Managing Versions
- Managing Aliases
- Configuring Dynamic Memory
- Online Debugging
- Creating Triggers
- Invoking the Function
- Monitoring
- Function Management
- Dependency Management
- Reserved Instance Management
- Audit
-
FAQs
-
General FAQs
- What Is FunctionGraph?
- Do I Need to Apply for Any Compute, Storage, or Network Services When Using FunctionGraph?
- Do I Need to Deploy My Code After Programming?
- What Runtimes Does FunctionGraph Support?
- How Much Disk Space Is Allocated to Each FunctionGraph Function?
- Does FunctionGraph Support Function Versioning?
- How Does a Function Read or Write Files?
- Does FunctionGraph Support Function Extension?
- Which Permissions Are Required for an IAM User to Use FunctionGraph?
- How Can I Create an ODBC Drive-based Python Dependency Package for Database Query?
- What Is the Quota of FunctionGraph?
- How Does a Container Image–based Function Resolve a Private DNS Domain Name?
- How Do I Use a Domain Name to Access an API Registered with API Gateway (Dedicated)?
- What Are the Common Application Scenarios of FunctionGraph?
- Why Can't the API Gateway Domain Name Bound to a Service Be Resolved During Function Invocation?
- Does FunctionGraph Support Synchronous Transmission at the Maximum Intranet Bandwidth?
- What If the VPC Quota Is Used Up?
- How Can I Print Info, Error, or Warn Logs?
- Can I Set the Domain Name of an API to My Own Domain Name?
- Can I Change the Runtime?
- Can I Change a Function's Name?
- Why Is Message "failed to mount exist system path" Displayed?
- How Do I Obtain Uploaded Files?
- Why Can't I Receive Responses for Synchronous Invocation?
- What Should I Do If the os.system("command &") Execution Logs Are Not Collected?
- Which Directories Can Be Accessed When a Custom Runtime Is Used?
- Which Minor Versions of Python 3.6 and 3.9 Are Supported?
- Which Actions Can Be Used Instead of a VPC Administrator Agency for VPC Access?
- What Are the Possible Causes for Function Timeout?
- How Do I Obtain the Code of a Function?
- Do You Have Sample Code for Initializers?
- How Do I Enable Structured Log Query?
- Can I Enable a Listening Port in a Function to Receive External TCP Requests via EIP?
- Function Creation FAQs
-
Trigger Management FAQs
- What If Error Code 500 Is Reported When Functions that Use APIG Triggers Return Strings?
- What Do LATEST and TRIM_HORIZON Mean in DIS Trigger Configuration?
- Why Can't I Enable or Disable OBS Triggers by Calling APIs?
- How Do I Use an APIG Trigger to Invoke a Function?
- How Does a Function Obtain the Request Path or Parameters When Using an APIG Trigger?
- Can I Create an OBS Trigger with an Existing Bucket?
-
Dependency Management FAQs
- What Is a Dependency?
- When Do I Need a Dependency?
- What Are the Precautions for Using a Dependency?
- What Dependencies Does FunctionGraph Support?
- Does FunctionGraph Support Class Libraries?
- How Do I Use Third-Party Dependencies on FunctionGraph?
- How Do I Create Function Dependencies?
- How Do I Create a Dependency on the FunctionGraph Console?
- How Do I Add a Dependency to a Function?
-
Function Execution FAQs
- How Long Does It Take to Execute a FunctionGraph Function?
- Which Steps Are Included in Function Execution?
- How Does FunctionGraph Process Concurrent Requests?
- What If Function Instances Have Not Been Executed for a Long Time?
- How Can I Speed Up Initial Access to a Function?
- How Do I Know the Actual Memory Used for Function Execution?
- Why Is My First Request Slow?
- What Do I Do If an Error Occurs When Calling an API?
- How Do I Read the Request Header of a Function?
- Why Does a Function Use More Memory Than Estimated and Even Trigger the Out of Memory Alarm?
- How Do I Check the Memory Usage When Seeing "runtime memory limit exceeded"?
- How Do I Troubleshoot "CrashLoopBackOff"?
- After I Updated an Image with the Same Name, Reserved Instances Still Use the Old Image. What Can I Do?
- Function Configuration FAQs
- External Resource Access FAQs
- Other FAQs
-
General FAQs
- Change History
-
API Reference (Kuala Lumpur Region)
- Before You Start
- API Overview
- Calling APIs
- Examples
-
APIs
- Function Invocation
- Function Quotas
- Dependencies
- Test Events
- Function Tracing
-
Function Lifecycle Management
- Querying Functions
- Creating a Function
- Deleting a Function or Function Version
- Querying the Code of a Function
- Modifying the Code of a Function
- Querying the Metadata of a Function
- Modifying the Metadata of a Function
- Updating Max. Instances of a Function
- Enabling or Disabling the Snapshot Function
- Querying Snapshot Status
- Querying Resource Tags
- Querying Resources
- Deleting Resource Tags
- Creating Resource Tags
- Creating a VPC Endpoint
- Deleting a VPC Endpoint
- Versions and Aliases
- Function Metrics
- Function Logs
- Reserved Instances
- Function Import and Export
- Function Triggers
-
Asynchronous Execution Notification
- Querying Asynchronous Execution Notification Settings of a Function Version
- Deleting Asynchronous Execution Notification Settings
- Configuring Asynchronous Execution Notification
- Querying Asynchronous Execution Notification Settings of a Function's All Versions
- Querying Asynchronous Invocation Requests
- Stopping an Asynchronous Invocation Request
- Appendix
- Developer Guide (Kuala Lumpur Region)
-
User Guide (ME-Abu Dhabi Region)
- Videos
- General Reference
Copied.
Permissions Management
To assign different permissions to employees in your enterprise to access your FunctionGraph resources, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your cloud resources.
With IAM, you can use your account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types. For example, some software developers in your enterprise need to use FunctionGraph resources but must not delete them or perform any high-risk operations. To achieve this result, you can create IAM users for the software developers and grant them only the permissions required for using FunctionGraph resources.
If your account does not need individual IAM users for permissions management, you may skip over this chapter.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.
Why Is "Insufficient Permission" Displayed After Enterprise Project Authorization?
IAM project/Enterprise project: A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions supporting IAM projects can be assigned to user groups and only take effect for IAM. Such policies will not take effect if they are assigned to user groups in Enterprise Management. For details, see Differences Between IAM Projects and Enterprise Projects.
In FunctionGraph, only function resource APIs support enterprise project authorization. For other APIs that support only IAM project authorization:
- Click By IAM Project during authorization.
Figure 1 Viewing authorization records by IAM project
- When selecting the authorization scope, select Region-specific projects according to the minimum authorization principle.
FunctionGraph Permissions
By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the user can perform specified operations on FunctionGraph based on the permissions.
FunctionGraph is a project-level service deployed and accessed in specific physical regions. To assign FunctionGraph permissions to a user group, specify the scope as region-specific projects and select projects (such as cn-north-1) in relevant regions (such as CN North-Beijing1) for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing FunctionGraph, the users need to switch to a region where they have been authorized to use the FunctionGraph service.
You can grant users permissions by using roles and policies.
- Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to grant permissions, you may also need to assign other roles on which the permissions depend. However, roles are not an ideal choice for fine-grained authorization and secure access control.
- Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control.
Table 1 lists all the system policies supported by FunctionGraph.
Role/Policy Name |
Description |
Category |
Dependency |
---|---|---|---|
FunctionGraph Administrator |
This role has the permissions to manage functions, flows, and triggers, and invoke functions. (It will be unavailable soon and therefore not recommended.) |
System-defined role |
Tenant Guest |
FunctionGraph Invoker |
This role has the permissions to query functions, flows, triggers, and invoke functions. |
System-defined role |
N/A |
FunctionGraph FullAccess |
This policy grants all permissions for FunctionGraph. |
System-defined policy |
N/A |
FunctionGraph ReadOnlyAccess |
This policy grants read-only permissions for FunctionGraph. |
System-defined policy |
N/A |
FunctionGraph CommonOperations |
This policy grants permissions to query functions and triggers, and invoke functions. |
System-defined policy |
N/A |
If an IAM user granted the FunctionGraph FullAccess permission has no permission to create a certain type of trigger or use a certain function, the relevant service or function does not support fine-grained authentication. In this case, grant the admin permission for this service or function to the user. These services and functions include:
- CTS, APIG, and DIS: These do not support fine-grained authentication. Add the admin permission for them.
- SMN: This supports fine-grained authentication in some regions. If needed, add the admin permission for this service.
- IoTDA: This is a new trigger type and is not covered in FullAccess. When you create an IoTDA trigger, you will be prompted to create an agency and add the iam:agencies:list and iam:agencies:createAgency permissions.
- TMS, DNS, BSS, Cloud Eye, EG, and DMS: These are new functions and are not covered in FullAccess. Add the permissions for them as required.
For more information about the permissions required to use these triggers and relevant functions, see Table 2.
Trigger/Function |
Permission |
---|---|
APIG |
apig:groups:get apig:groups:list apig:apis:create apig:apis:delete apig:apis:update apig:apis:publish apig:apis:list apig:apis:get apig:apis:offline apig:apps:list apig:envs:list |
APIG (dedicated) |
apig:instances:get apig:instances:create apig:instances:update apig:instances:list apig:sharedInstance:operate |
CTS |
cts:notification:create cts:notification:delete cts:notification:update cts:operation:list cts:tracker:list cts:trace:list |
DDS |
dds:instance:get dds:instance:list |
DIS |
dis:streams:list |
IoTDA |
iotda:routingrules:create iotda:routingrules:delete iotda:routingrules:queryList iotda:routingrules:query iotda:routingactions:create iotda:routingactions:delete iotda:routingactions:query iotda:routingactions:queryList iotda:subscriptions:queryList iotda:rules:modifyStatus iotda:apps:queryList |
LTS |
lts:groups:create lts:groups:get lts:groups:list lts:groups:put lts:logstreams:delete lts:logstreams:list lts:topics:get lts:subscriptions:create lts:subscriptions:delete lts:subscriptions:put lts:structConfig:create lts:structConfig:get |
OBS |
obs:bucket:GetBucketLocation obs:bucket:GetBucketNotification obs:bucket:PutBucketNotification obs:bucket:ListBucket |
SMN |
smn:topic:list smn:topic:update |
TMS |
tms:predefineTags:list tms:tagValues:list |
DNS |
dns:recordset:create, dns:recordset:list, dns:recordset:update, dns:zone:create, dns:zone:delete, dns:zone:get, dns:zone:list |
BSS |
bss:bill:view bss:renewal:view |
CES |
ces:alarms:get ces:alarms:list ces:alarms:create |
DMS |
dms:instance:get |
EG |
eg:subscriptions:get eg:subscriptions:list eg:sources:list eg:sources:get eg:agency:create eg:subscriptions:create eg:subscriptions:delete eg:subscriptions:operate |
Table 3 lists the common operations supported by each system-defined policy of FunctionGraph. Please choose proper system-defined policies according to this table.
Operation |
FunctionGraph Invoker |
FunctionGraph Administrator |
FunctionGraph ReadOnlyAccess |
FunctionGraph CommonOperations |
FunctionGraph FullAccess |
---|---|---|---|---|---|
Creating functions |
× |
√ |
× |
× |
√ |
Querying functions |
√ |
√ |
√ |
√ |
√ |
Modifying functions |
× |
√ |
× |
× |
√ |
Deleting functions |
× |
√ |
× |
× |
√ |
Invoking functions |
√ |
√ |
× |
√ |
√ |
Querying function logs |
√ |
√ |
√ |
√ |
√ |
Viewing function metrics |
√ |
√ |
√ |
√ |
√ |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot