Sharing an Endpoint Rule

Overview

You can also share your endpoint rules to other accounts if you are the owner of these rules. Resource owners can select different permissions based on the principle of least privilege (PoLP) and service requirements, and principals can only access resources within their permissions. This improves resource security. For more information about RAM, see What Is Resource Access Manager?

If your account is managed by Huawei Cloud Organizations, you can enable sharing with Organizations to share resources more easily. If your account is in an organization, you can share resources either with individual accounts or with all accounts in the organization or in an organization unit (OU) without the need to enumerate each account. For details, see Enabling Sharing with Organizations.

Notes and Constraints

You are the resource owner. Only resource owners can share the resources in their accounts with other accounts. You cannot share endpoint rules that are shared with your account.
If you share an endpoint rule with your organization or an OU, you must enable sharing with Organizations. For details, see Enabling Sharing with Organizations.
A principal can accept up to 50 endpoint rules from resource owners.

Creating a Share

Go to the Resolvers page.
Click in the upper left corner and select the desired region and project.
Click the Endpoint Rules tab to view the endpoint rule list.
Locate the endpoint rule, click More in the Operation column, and select Share.
On the Create Resource Share page, specify the resource to be shared, configure permissions, and specify users as prompted.
For details, see Creating a Resource Share.

After an owner shares an endpoint rule with a principal, the principal needs to accept the sharing within a specified period. For details, see Responding to a Resource Sharing Invitation.

Viewing Share Details

Go to the Resolvers page.
Click in the upper left corner and select the desired region and project.
Click the Endpoint Rules tab to view the endpoint rule list.
Go to the Shared with Me tab and view the endpoint rules that are shared with your account.
- If you are the owner of a shared endpoint rule, you can view the shared endpoint rule, permissions, and principals on the RAM console. For details, see Viewing a Resource Share.
- If you are a principal of a shared endpoint rule, you can view the shared endpoint rule, permissions, and resource owner on the RAM console. For details, see Viewing Resources Shared with You.

Stopping a Share

If a share is no longer needed, you can delete it at any time as the owner. Deleting a share does not delete the shared resources. After a share is deleted, the principals will no longer use the shared resources. For details, see Deleting a Resource Share.
If you are a principal and you do not need to access the shared resources, you can leave the resource share at any time. After you leave the resource share, you lose access to the shared resources.
You can leave a resource share only if the resources were shared with you as an individual Huawei Cloud account and not as part of an organization. You cannot leave a resource share if you were added to it by an account inside your organization and sharing with Organizations is enabled. For details, see Leaving a Resource Share.

Operation Permissions on Shared Endpoint Rules

The owner and principals of shared endpoint rule have different operation permissions on the endpoint rule and associated resources. For details, see Table 1.

**Table 1** Operation permissions on shared endpoint rules and associated resources
Resource	Owner	Principal
Endpoint rule	Has all operation permissions on the shared endpoint rule.	Can only view the VPCs that are associated with the shared endpoint rule, but cannot perform any operations on the VPCs.