Help Center> Data Security Center> User Guide> Assets> Allowing or Disallowing Access to Cloud Assets
Updated at: 2022-04-02 GMT+08:00

Allowing or Disallowing Access to Cloud Assets

This section describes how to grant or revoke permissions for accessing OBS bucket, database, big data, and data security overview. The system will create an agency for you to use DSC.

Prerequisites

  • You have obtained the account with the Security Administrator permission and its password for logging in to the HUAWEI CLOUD management console.
  • You have added the obtained account to the user group that has been assigned with the DSC FullAccess permission. For details, see Creating a User and Assigning DSC Permissions.

Constraints

  • After permissions are granted, DSC will be able to access your OBS buckets, databases, big data instances, and other cloud assets as needed.

    After DSC is granted permissions for accessing the OBS bucket to obtain the logs, fees are incurred. For details, see Requests.

  • After the permissions are revoked, ensure that your assets have no ongoing tasks. DSC will delete your agencies and assets and all related data. Exercise caution when performing this operation.

Agency Policies Obtained After Access to Assets Is Allowed

Table 1 Agency policies

Asset

Policy

Scope

Remarks

OBS

OBS Administrator

Global

Used to configure OBS logs, obtain the OBS bucket list, and download items form OBS.

EVS ReadOnlyAccess

Regional

Used to obtain the EVS disk list.

OBS Administrator

Global

Used to obtain the logs delivered by OBS.

Database

ECS ReadOnlyAccess

Regional

Used to obtain the list of ECSs where databases are built.

RDS ReadOnlyAccess

Regional

Used to obtain the RDS database list and related information.

DWS ReadOnlyAccess

Regional

Used to obtain the DWS instance list.

VPC FullAccess

Regional

Used to establish network connection and create VPC ports and security group rules

KMS CMKFullAccess

Regional

Used to perform encryption using KMS in data masking.

Big Data

ECS ReadOnlyAccess

Regional

Used to obtain the list of ECSs where big data sources reside.

CSS ReadOnlyAccess

Regional

Used to obtain the CSS data cluster list and data indexes.

DLI Service User

Regional

Used to obtain the DLI queue and database.

VPC FullAccess

Regional

Used to establish network connection and create VPC ports and security group rules.

KMS CMKFullAccess

Regional

Used to perform encryption using KMS in data masking.

Overview

Tenant Guest

Regional

Used to obtain the list of cloud services used for data storage and processing.

OBS Administrator

Global

Used to configure OBS logs, obtain the OBS bucket list, and download items form OBS.

EVS ReadOnlyAccess

Regional

Used to obtain the EVS disk list.

OBS Administrator

Global

Used for OBS to deliver logs.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Data Security Center.
  4. In the navigation pane, choose Assets.
  5. In the upper right corner of the page, click Allow Access to Cloud Assets.

    Figure 1 Assets

  6. On the displayed page, allow or disallow DSC to access your cloud assets. For details, see Table 2.

    Figure 2 Allowing access to cloud assets
    Table 2 Parameters

    Parameter

    Description

    Assets

    DSC provides four types of assets:
    • OBS
    • Database: For details about the database types and versions supported by DSC, see Constraints.
    • Big Data
    • Overview: Allow DSC to access and collect stored, transferred, used, exchanged, and deleted data of cloud services.

    Agency Policies Obtained After Access to Assets Is Allowed describes the agency policies obtained after the access to assets is allowed.

    Authorization Status

    The options are as follows:
    • Authorized
    • Unauthorized

    Operation

    Click the following toggle buttons to allow or disallow access to your assets:
    • : Unauthorized
    • : Authorized

close