Updated on 2022-11-15 GMT+08:00

Permissions Management

If you need to assign different permissions to employees in your enterprise to access your SWR resources, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your Huawei Cloud resources.

With IAM, you can use your account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types. For example, some software developers in your enterprise need to use SWR resources but should not be allowed to delete the resources or perform any other high-risk operations. In this scenario, you can create IAM users for the software developers and grant them only the permissions required for using SWR resources.

If your Huawei Cloud account does not require individual IAM users for permissions management, skip this section.

IAM is free. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.

SWR Permissions

By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.

SWR is a project-level service deployed and accessed in specific physical regions. To assign SWR permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing SWR, the users need to switch to a region where they have been authorized to use this service.

Table 1 SWR Permissions

Item

Description

Type

SWR Admin

SWR administrator permissions, including all SWR permissions.

System-defined role

Tenant Administrator

Administrator permissions for all services except IAM, including all SWR permissions.

System-defined role

Tenant Guest

Read-only permissions for all services except IAM, including permissions such as image pull.

System-defined role

ServiceStage Developer

ServiceStage developer permissions, including permissions such as image pull.

System-defined role

  • You can grant permissions, namely, read, write, and manage, to different users for them to access either a specific image or images of a specific organization.
  • In addition, SWR has the SWR FullAccess, SWR OperateAccess, and SWR ReadOnlyAccess permissions. However, the preceding three permissions are available only for SWR Enterprise Edition. Currently, the OBT of SWR Enterprise Edition has been suspended. Only users of SWR Enterprise Edition can use the three permissions.

Links