Overview
IAM is a foundational service for permission management, offering functions like user identity authentication, permission allocation, and access control, enabling you to securely manage access to cloud resources and perform fine-grained permission management.
IAM Authorization Types and Use Cases
IAM lets you authorize different enterprise users to access cloud service resources. For example, suppose employees in your organization are responsible for data analysis, and you want them to have permission to use DLI compute resources but not to perform high-risk operations such as deleting DLI resources. You can use IAM to grant these users permission to use DLI resources without permission to delete them, which controls their access to DLI resources.
Newly created users must first log in to DLI once to record metadata before they can use DLI.
Type | Core Relationship | Permission | Authorization Method | Use Case |
---|---|---|---|---|
Role/Policy-based authorization | User-permission-authorization scope | | Assigning roles or policies to principals | To authorize a user, you need to add it to a user group first and then specify the scope of authorization. It provides a limited number of condition keys and cannot meet the requirements of fine-grained permissions control. This method is suitable for small- and medium-sized enterprises. |
IAM is free to use, and you only need to pay for the resources in your account. For more information about IAM, see Identity and Access Management Service Overview.
If your Huawei Cloud account does not need individual IAM users for permission management, skip over this section.
DLI System Permissions
Table 2 lists all system-defined permissions for DLI.
Type | Link |
---|---|
System-defined permissions for role/policy-based authorization | |
- Roles: A coarse-grained authorization strategy that defines permissions by job responsibility. This strategy offers limited service-level roles for authorization. Huawei Cloud services are interdependent. When you assign permissions using roles, you also need to attach any existing role dependencies. Roles are not suitable for fine-grained authorization and least privilege access.
- Policies: A fine-grained authorization strategy that defines permissions required to perform operations on specific cloud resources under certain conditions. This strategy is more flexible and ideal for least privilege access. For example, you can grant IAM users only permissions to manage DLI resources of a certain type.
For details about the system-defined policies you need to perform common SQL operations, see Common Operations Supported by Each System Permission.
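The following check is an added example, not part of the original documentation or Huawei Cloud tooling. It evaluates the policies attached to a user (deny overrides allow, anything unmatched is denied) and reports which high-risk DLI operations remain granted, comparing a broad policy with a use-only one. The policy documents, the action names in them, and the case-sensitive wildcard matching are assumptions made for illustration; take the exact action names from the DLI permissions reference.

```python
from fnmatch import fnmatchcase

# Constructed policies in the Version 1.1 custom-policy layout.
# Action names are illustrative (service:resource-type:operation pattern).
BROAD_POLICY = {
    "Version": "1.1",
    "Statement": [{"Effect": "Allow", "Action": ["dli:*:*"]}],
}
ANALYST_POLICY = {
    "Version": "1.1",
    "Statement": [
        {"Effect": "Allow", "Action": ["dli:queue:submitJob", "dli:table:select"]},
        {"Effect": "Deny", "Action": ["dli:*:drop*", "dli:*:delete*"]},
    ],
}

# Operations the data-analysis users should never hold (constructed list).
HIGH_RISK = ["dli:queue:dropQueue", "dli:database:dropDatabase", "dli:table:dropTable"]


def is_allowed(policies, action):
    """Return True only if some statement allows the action and none denies it."""
    allowed = False
    for policy in policies:
        for stmt in policy.get("Statement", []):
            if any(fnmatchcase(action, pat) for pat in stmt.get("Action", [])):
                if stmt.get("Effect") == "Deny":
                    return False  # an explicit deny always wins
                if stmt.get("Effect") == "Allow":
                    allowed = True
    return allowed  # stays False when nothing matched (implicit deny)


def high_risk_granted(policies, high_risk=HIGH_RISK):
    """List the high-risk actions the combined policies still permit."""
    return [action for action in high_risk if is_allowed(policies, action)]


if __name__ == "__main__":
    print("broad policy only :", high_risk_granted([BROAD_POLICY]))
    print("analyst policy    :", high_risk_granted([ANALYST_POLICY]))
    print("both attached     :", high_risk_granted([BROAD_POLICY, ANALYST_POLICY]))
```

Running the check against every policy a user inherits through their user groups shows whether a broad grant in one group undoes the restriction intended by another.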