Creating an IAM User and Assigning Permissions to Use DataArtsFabric
Before using DataArtsFabric functions, prepare the account, configure permissions for the account and its sub-accounts, and create a workspace. This section describes how to create an IAM user and assign permissions to use DataArtsFabric.
Prerequisites
You have a valid Huawei Cloud account.
Procedure
- Log in to the Huawei Cloud console. Click
in the upper left corner of the page and choose Identity and Access Management from the service list.
- Choose Permissions > Policies/Roles, click Create Custom Policy in the upper right corner, set necessary parameters, and click OK. For details about the creation process, see Creating a Custom Policy.
Administrators can set different policies for different user groups to control user permissions. Administrators can configure permissions as required. The following lists recommended permission combinations.
Table 1 Permissions Service Role
Policy
Function
System administrator
{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"DataArtsFabric:*:*",
"obs:bucket;*",
"obs:object:*"
]
}
]
}
With all DataArtsFabric permissions, this role can perform all DataArtsFabric operations.
Resource administrator
{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"DataArtsFabric:workspace:*",
"DataArtsFabric:endpoint:*",
"lakeformation:instance:*"
]
}
]
}
With the permission to manage users' DataArtsFabric resources, this role can create and delete workspaces and endpoints.
Inference service operator
{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"DataArtsFabric:workspace:list",
"DataArtsFabric:endpoint:list",
"DataArtsFabric:endpoint:show",
"DataArtsFabric:model:*",
"DataArtsFabric:service:*",
"obs:object:*",
"obs:bucket:ListBucket"
]
}
]
}
This role can performs inference-related services, including registering models, creating inference services, and performing inference.
Job service operator
{
"Version": "1.1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"DataArtsFabric:workspace:list",
"DataArtsFabric:endpoint:list",
"DataArtsFabric:endpoint:show",
"DataArtsFabric:job:*",
"obs:object:*",
"obs:bucket:ListBucket"
]
}
]
}
This role can perform job-related services, including creating and executing jobs.
- In the navigation pane on the left, click User Groups. Click Create User Group in the upper right corner, enter the user group name, and click OK.
- In the user group list, select the created user group, click Authorize, select the required policies, and click Next. Select Scope as required and click OK. For details, see Creating a User Group and Assigning Permissions.
- In the navigation pane on the left, click Users. In the upper right corner, click Create User. Enter User Details as required, select Access Type and Credential Type, and click Next.
- In the Available User Groups list, select the target user group and click Create. For more information, see Creating an IAM User.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot