- What's New
- Function Overview
- Service Overview
-
Billing
- Billing Overview
- Billing Modes
- Billed Items
- Billing Examples
- Billing Mode Changes
- Renewing Subscriptions
- Bills
- Arrears
- Billing Termination
- Cost Management
-
Billing FAQ
- How Do I Purchase SFS?
- How Do I Renew the Service?
- How Do I Check Whether the Subscriber Is in Arrears?
- Can I Purchase SFS Capacity-Oriented Resource Packages When I Still Have Valid Ones in Use?
- How Do I Check the Usage of an SFS Capacity-Oriented Resource Package?
- How Do I Adjust the Size of an SFS Capacity-Oriented Resource Package?
- Do SFS Capacity-Oriented and SFS Turbo Share One Resource Package?
- Getting Started
- User Guide
- Best Practices
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Calling General Purpose File System APIs
- Getting Started (SFS Capacity-Oriented)
- Getting Started with SFS Turbo
- Getting Started with General Purpose File System
-
SFS Capacity-Oriented APIs
- API Version Queries
- File Systems
- File System Access Rules
- Quota Management
- Expansion and Shrinking
-
Tag Management
- Adding a Tag to a Shared File System
- Deleting a Tag from a Shared File System
- Querying Tags of a Shared File System
- Querying Tags of All File Systems of a Tenant
- Batch Adding Tags to a Shared File System
- Batch Deleting Tags from a Shared File System
- Querying Shared File Systems by Tag
- Querying the Number of Shared File Systems by Tag
- AZ
-
SFS Turbo APIs
- Lifecycle Management
- Connection Management
- Tag Management
- Name Management
- File System Management
-
Storage Interworking Management
- Adding a Backend Target
- Querying Backend Targets
- Obtaining Details About a Backend Target
- Deleting a Backend Target
- Updating the Properties of a Storage Backend
- Updating the Auto Synchronization Policy of a Storage Backend
- Creating an Import or Export Task
- Querying Details About an Import or Export Task
- Listing Import and Export Tasks
- Deleting an Import or Export Task
- Updating a File System
- Directory Management
-
Permissions Management
- Creating a Permission Rule
- Querying Permission Rules of a File System
- Querying a Permission Rule of a File System
- Modifying a Permission Rule
- Deleting a Permissions Rule
- Creating and Binding the LDAP Configuration
- Querying the LDAP Configuration
- Modifying the LDAP Configuration
- Deleting the LDAP Configuration
- Task Management
- General Purpose File System APIs
- Permissions Policies and Supported Actions
- Common Parameters
- Appendix
- SDK Reference
-
Troubleshooting
- Mounting a File System Times Out
- Mounting a File System Fails
- File System Performance Is Poor
- Failed to Create an SFS Turbo File System
- A File System Is Automatically Disconnected from the Server
- A Server Fails to Access a File System
- The File System Is Abnormal
- Data Fails to Be Written into a File System Mounted to ECSs Running Different Types of Operating Systems
- Failed to Mount an NFS File System to a Windows IIS Server
- Writing to a File System Fails
- Error Message "wrong fs type, bad option" Is Displayed During File System Mounting
- Failed to Access the Shared Folder in Windows
-
FAQs
- Concepts
- Specifications
- Restrictions
- Networks
-
Billing
- How Do I Purchase SFS?
- How Do I Renew the Service?
- How Do I Check Whether the Subscriber Is in Arrears?
- Can I Purchase SFS Capacity-Oriented Resource Packages When I Still Have Valid Ones in Use?
- How Do I Check the Usage of an SFS Capacity-Oriented Resource Package?
- How Do I Adjust the Size of an SFS Capacity-Oriented Resource Package?
- Do SFS Capacity-Oriented and SFS Turbo Share One Resource Package?
-
Others
- How Do I Access a File System from a Server?
- How Do I Check Whether a File System on a Linux Server Is Available?
- What Resources Does SFS Occupy?
- Why Is the Capacity Displayed as 10P After I Mount My SFS Capacity-Oriented File System?
- Why the Capacity Is Displayed as 250TB After I Mount My General Purpose File System?
- How Can I Migrate Data Between SFS and OBS?
- Can a File System Be Accessed Across Multiple AZs?
- Can I Upgrade an SFS Capacity-Oriented File System to an SFS Turbo File System?
- Can I Upgrade an SFS Turbo File System from Standard to Standard-Enhanced?
- How Can I Migrate Data Between SFS and EVS?
- Can I Directly Access SFS from On-premises Devices?
- How Do I Delete .nfs Files?
- Why My File System Used Space Increases After I Migrate from SFS Capacity-Oriented to SFS Turbo?
- How Can I Improve the Copy and Delete Efficiency with an SFS Turbo File System?
- How Do Second- and Third-level Directory Permissions of an SFS Turbo File System Be Inherited?
- How Do I Deploy SFS Turbo on CCE?
- Videos
-
More Documents
- User Guide (ME-Abu Dhabi Region)
- API Reference (ME-Abu Dhabi Region)
-
User Guide (Paris Region)
- Introduction
- Getting Started
- Management
- Typical Applications
-
Troubleshooting
- Mounting a File System Times Out
- Mounting a File System Fails
- Failed to Create an SFS Turbo File System
- A File System Is Automatically Disconnected from the Server
- A Server Fails to Access a File System
- The File System Is Abnormal
- Data Fails to Be Written into a File System Mounted to ECSs Running Different Types of Operating Systems
- Failed to Mount an NFS File System to a Windows IIS Server
- Writing to a File System Fails
- Error Message "wrong fs type, bad option" Is Displayed During File System Mounting
- Failed to Access the Shared Folder in Windows
-
FAQs
- Concepts
- Specifications
- Restrictions
- Networks
-
Others
- How Do I Access a File System from a Server?
- How Do I Check Whether a File System on a Linux Server Is Available?
- What Resources Does SFS Occupy?
- Why Is the Capacity Displayed as 10P After I Mount My SFS Capacity-Oriented File System?
- Can a File System Be Accessed Across Multiple AZs?
- How Can I Migrate Data Between SFS and EVS?
- Can I Directly Access SFS from On-premises Devices?
- How Do I Delete .nfs Files?
- Why My File System Used Space Increases After I Migrate from SFS Capacity-Oriented to SFS Turbo?
- How Can I Improve the Copy and Delete Efficiency with an SFS Turbo File System?
- How Do Second- and Third-level Directory Permissions of an SFS Turbo File System Be Inherited?
- Other Operations
- Change History
- API Reference (Paris Region)
- User Guide (Kuala Lumpur Region)
- API Reference (Kuala Lumpur Region)
- Glossary
- General Reference
Copied.
Creating a User and Granting SFS Permissions
This section describes how to use IAM to implement fine-grained permissions control for your SFS resources. With IAM, you can:
- Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing SFS resources.
- Grant only the permissions required for users to perform a specific task.
If your Huawei Cloud account does not require individual IAM users, skip this section.
This section describes the procedure for granting permissions (see Figure 1).
Prerequisites
Learn about the permissions (see System-defined roles and policies) supported by SFS and choose policies or roles according to your requirements. For the permissions of other services, see System Permissions.
Use Restrictions
- All system-defined policies and custom policies are supported in SFS Capacity-Oriented file systems.
- Both system-defined policies and custom policies are supported for SFS Turbo and general purpose file systems.
Process Flow
- Create a user group and assign permissions to it.
On the IAM console, create a user group and grant it read-only permissions:
For SFS Capacity-Oriented, grant the SFS ReadOnlyAccess policy.
For SFS Turbo, grant the SFS Turbo ReadOnlyAccess policy.
For General Purpose File System, grant the SFS3 ReadOnlyAccess policy.
- Create a user and add it to a user group.
Create a user on the IAM console and add the user to the group created in 1.
- Log in and verify permissions.
Log in to the SFS console using the created user, and verify that the user only has read permissions for SFS.
- Choose Service List > Scalable File Service. On the SFS console, click Create File System in the upper right corner. If a message appears indicating that you have insufficient permissions to perform the operation, the corresponding policy is in effect.
For SFS Capacity-Oriented, the SFS ReadOnlyAccess policy is in effect.
For SFS Turbo, the SFS Turbo ReadOnlyAccess policy is in effect.
For General Purpose File System, the SFS3 ReadOnlyAccess policy is in effect.
- Choose another service from Service List. If a message appears indicating that you have insufficient permissions to access the service, the corresponding policy is in effect.
For SFS Capacity-Oriented, the SFS ReadOnlyAccess policy is in effect.
For SFS Turbo, the SFS Turbo ReadOnlyAccess policy is in effect.
For General Purpose File System, the SFS3 ReadOnlyAccess policy is in effect.
- Choose Service List > Scalable File Service. On the SFS console, click Create File System in the upper right corner. If a message appears indicating that you have insufficient permissions to perform the operation, the corresponding policy is in effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot