Updated on 2024-02-29 GMT+08:00

Overview

A ServiceComb engine may be used by multiple users. Different users must be granted different ServiceComb engine access and operation permissions based on their responsibilities.

An exclusive ServiceComb engine with security authentication enabled provides system management based on role-based access control (RBAC) through the microservice console.

An exclusive ServiceComb engine with security authentication enabled supports access from the Spring Cloud and Java chassis microservice frameworks.

  • The RBAC-based system management function is independent of IAM permission management. It is only an internal permission management mechanism of CSE.
  • To operate a ServiceComb engine on CSE, you must have both the IAM and RBAC permissions, and the IAM permission takes precedence over the RBAC permission.
  • If you perform operations on a ServiceComb engine through APIs or the microservice framework, you only need to have the RBAC permissions.
  1. You can use an account associated with the admin role to create an account and associate a proper role with the account based on service requirements. The user who uses this account has the access and operation permissions on the ServiceComb engine.
    • When you create an exclusive ServiceComb engine with security authentication enabled, the system automatically creates the root account associated with the admin role. The root account cannot be edited or deleted.
    • You can create an account using the root account of the ServiceComb engine or an account associated with the admin role of the ServiceComb engine. For details about how to create and manage an account, see Accounts.
  2. You can create a custom role using an account associated with the admin role and grant proper ServiceComb engine access and operation permissions to the role based on service requirements.
    • The system provides two default roles: administrator (admin) and developer (developer). Default roles cannot be edited or deleted.
    • You can create a custom role using the root account of the ServiceComb engine or an account associated with the admin role of the ServiceComb engine. For details about how to create and manage a role, see Roles.
    • For details about role permissions, see Table 1.
    Table 1 Role permissions

    | Role | Permission Description |
    |---|---|
    | Admin | Full permissions for all microservices, accounts, and roles of the ServiceComb engine. |
    | Developer | Full permissions for all microservices of the ServiceComb engine. |
    | Custom role | You can create roles based on service requirements and grant microservice operation and configuration permissions to the roles. |