Help Center/ DataArts Fabric/ User Guide/ Preparations/ Creating an IAM User and Assigning Permissions to Use DataArtsFabric
Updated on 2025-07-08 GMT+08:00

Creating an IAM User and Assigning Permissions to Use DataArtsFabric

Before using DataArtsFabric functions, prepare the account, configure permissions for the account and its sub-accounts, and create a workspace. This section describes how to create an IAM user and assign permissions to use DataArtsFabric.

Prerequisites

You have a valid Huawei Cloud account.

Procedure

  1. Log in to the Huawei Cloud console. Click in the upper left corner of the page and choose Identity and Access Management from the service list.
  2. Choose Permissions > Policies/Roles, click Create Custom Policy in the upper right corner, set necessary parameters, and click OK. For details about the creation process, see Creating a Custom Policy.

    Administrators can set different policies for different user groups to control user permissions. Administrators can configure permissions as required. The following lists recommended permission combinations.

    Table 1 Permissions

    Service Role

    Policy

    Function

    System administrator

    {

    "Version": "1.1",

    "Statement": [

    {

    "Effect": "Allow",

    "Action": [

    "DataArtsFabric:*:*",

    "obs:bucket;*",

    "obs:object:*"

    ]

    }

    ]

    }

    With all DataArtsFabric permissions, this role can perform all DataArtsFabric operations.

    Resource administrator

    {

    "Version": "1.1",

    "Statement": [

    {

    "Effect": "Allow",

    "Action": [

    "DataArtsFabric:workspace:*",

    "DataArtsFabric:endpoint:*",

    "lakeformation:instance:*"

    ]

    }

    ]

    }

    With the permission to manage users' DataArtsFabric resources, this role can create and delete workspaces and endpoints.

    Inference service operator

    {

    "Version": "1.1",

    "Statement": [

    {

    "Effect": "Allow",

    "Action": [

    "DataArtsFabric:workspace:list",

    "DataArtsFabric:endpoint:list",

    "DataArtsFabric:endpoint:show",

    "DataArtsFabric:model:*",

    "DataArtsFabric:service:*",

    "obs:object:*",

    "obs:bucket:ListBucket"

    ]

    }

    ]

    }

    This role can performs inference-related services, including registering models, creating inference services, and performing inference.

    Job service operator

    {

    "Version": "1.1",

    "Statement": [

    {

    "Effect": "Allow",

    "Action": [

    "DataArtsFabric:workspace:list",

    "DataArtsFabric:endpoint:list",

    "DataArtsFabric:endpoint:show",

    "DataArtsFabric:job:*",

    "obs:object:*",

    "obs:bucket:ListBucket"

    ]

    }

    ]

    }

    This role can perform job-related services, including creating and executing jobs.

  3. In the navigation pane on the left, click User Groups. Click Create User Group in the upper right corner, enter the user group name, and click OK.
  4. In the user group list, select the created user group, click Authorize, select the required policies, and click Next. Select Scope as required and click OK. For details, see Creating a User Group and Assigning Permissions.
  5. In the navigation pane on the left, click Users. In the upper right corner, click Create User. Enter User Details as required, select Access Type and Credential Type, and click Next.
  6. In the Available User Groups list, select the target user group and click Create. For more information, see Creating an IAM User.