- What's new
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Introduction
- Permissions Management
- Basics of the Container Engine
-
Image Management
- Uploading an Image Through a Container Engine Client (Recommended)
- Obtaining a Long-Term Valid Login Command
- Uploading an Image Through SWR Console
- Pulling an Image
- Setting Image Attributes
- Sharing a Private Image
- Adding a Trigger
- Adding an Image Retention Policy
- Configuring Automatic Image Synchronization Between Regions
- Image Center
- Organization Management
- User Permissions
- Auditing
- Change History
- Best Practices
-
API Reference
- Before You Start
- Calling APIs
- API Overview
-
API
- Organization Management
- Managing Image Repositories
- Image Tag Management
- Shared Account Management
- API Version
- Organization Permission Management
- Image Permission Management
- Image Synchronization Management
- Trigger Management
- Image Retention Policy Management
- Temporary Login Command
- Quota Management
- Other
- Example Applications
- Appendixes
- SDK Reference
-
FAQs
- General FAQs
- Login Issues
- Synchronizing Images
- Pushing an Image
- Pulling an Image
-
Troubleshooting
- Why Does the Login Command Fail to Be Executed?
- Why Does an Image Fail to Be Pushed Through a Container Engine Client?
- Why Does an Image Fail to Be Uploaded Through SWR Console?
- Why Does the docker pull Command Fail to Be Executed?
- What Should I Do If Images Cannot Be Downloaded from Private Networks?
- What Do I Do If an Error Occurs When I Call an API?
-
Other FAQs
- Why Does a CCE Workload Cannot Pull an Image from SWR and a Message "Not Logged In" Is Displayed?
- How Many Tenants Can I Share an SWR Private Image With?
- Why Is an Image Pushed Using a Container Engine Client to SWR Different in Size From One Uploaded Through the SWR Console?
- Can I Pull Images on the SWR Console to a Local PC?
- Videos
- Glossary
-
More Documents
- User Guide
- API Reference
- User Guide (Paris Regions)
- API Reference (Paris Regions)
- User Guide (Kuala Lumpur Region)
- API Reference (Kuala Lumpur Region)
-
User Guide (Ankara Region)
- Service Overview
- Overview
- Permissions Management
- Basics of Docker
-
Image Management
- Pushing an Image Through a Container Engine Client
- Obtaining a Long-Term Valid Docker Login Command
- Obtaining a Long-Term Valid containerd Pull/Push Command
- Uploading an Image Through the SWR Console
- Pulling an Image
- Setting Image Attributes
- Sharing Private Images
- Adding a Trigger
- Adding an Image Retention Policy
- Organization Management
- User Permissions
- FAQs
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- Calling APIs
- API
- Appendixes
- Permissions and Supported Actions
- General Reference
Show all
Copied.
Access Control
Access Mode
A bunch of tools, including console, command line tools, APIs, and SDKs, are provided for you to access SWR. No matter which method you use, you are accessing SWR through REST APIs.
The SWR APIs support both authenticated and anonymous requests. There will usually be anonymous requests in the scenarios that require public access, for example, accessing a hosted static website. In most cases, requests for SWR resources must be authenticated. An authenticated request must contain a signature value. The signature value is calculated based on the requester's access keys (AK/SK) as the encryption factor and the specific information carried in the request body. AK/SK authentication uses AK/SK-based encryption to authenticate a request sender. For details about an AK/SK and how to obtain one, see Obtaining a Long-Term Valid Login Command.
Control Policy
Users' access to SWR in any mode is restricted by the SWR access control policy. Currently, SWR supports the following control policies:
Access Mode |
Description |
Reference |
|
---|---|---|---|
Permissions control |
IAM permissions |
IAM permissions define which actions on your cloud resources are allowed and which actions are denied, to control access to your resources. After an IAM user is created, the administrator adds it to a user group. The administrator can assign the user group required SWR access permissions and all users in this group then inherit the assigned permissions. |
|
Image permissions |
The image permissions refer to the permissions to read, edit, and manage an image. In addition to assigning permissions to users in IAM, the administrator can add, modify, and delete permissions for IAM users in the image details page on SWR console. |
||
Organization permissions |
Organizations enable efficient management of images. Organizations are used to isolate image repositories. With each organization being limited to one company or department, images can be managed in a centralized and efficient manner. An image name needs to be unique within an organization. An IAM user can join different organizations. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot