User Permissions
Scenario
To manage SWR permissions, you can use Identity and Access Management (IAM). For details about how to set permissions, see Role/Policy-based Authorization. If you have the SWR Admin or Tenant Administrator permission, you become an admin user of SWR. You can grant permissions to other IAM users in SWR.
An admin user is granted image management permission of all organizations by default, even if the user is not in the authorized user list of the organizations.
If you are not an SWR admin user, you can request an SWR admin user to grant you permissions to read, write, or manage a specific image or images in a specific organization.
Scenarios
- Example 1: An IAM user having the ServiceStage Developer permission (SWR read-only permission) wants to pull the Nginx image created by the SWR administrator in the group organization.
Solution: The SWR administrator grants the read permission on the Nginx image details page to the IAM user and then the image can be pulled.
- Example 2: An SWR administrator wants to grant an external user the permission to push images to the organization, but the user is not allowed to log in to the console and can only push images through the container engine client.
Solution: The SWR administrator grants the edit permission to the user on the Users tab page of the organization details page and set Access Type to Programmatic access in IAM.
Figure 1 Changing access type
Authorization Methods
IAM users in SWR can have permissions by using either of the following methods:
- Grant permissions of a specific image to allow IAM users to read, write, and manage the image.
- Grant permissions of an organization to allow IAM users to read, write, and manage all the images in the organization.
Figure 2 User permissions
You can add the following three types of permissions to users:
- Read: Users can only pull images.
- Write: Users can pull and push images, edit image attributes, and add triggers.
- Manage: Users can pull and push images, delete images or tags, edit image attributes, grant permissions, add triggers, and share images with other users.
To upload images to an organization, you require the write or manage permission for the organization to which images are uploaded. Write and manage permissions added on the image details pages will not be sufficient to upload images.
Granting Permissions of a Specific Image
To allow IAM users of your account to read, write, and manage a specific image, add the required permissions to the users on the details page of this image.
- Log in to the SWR console.
- In the navigation pane, choose My Images and click the desired image.
- On the image details page, click the Permissions tab.
Figure 3 Permissions management
- Click Add Permission. On the page displayed, enter an IAM username, and then click Read, Write, or Manage. Click OK to confirm.
Figure 4 Granting permissions of a specific image
Modifying or Deleting Permissions of a Specific Image
You can also modify or delete user permissions on the image details page.
- To modify permissions, click the Permissions tab on the image details page, and click Modify in the row of the desired username. Select a permission in the Permission drop-down list, and click Save in the Operation column.
Figure 5 Modifying permissions of a specific image
- To delete permissions, click Delete in the row of the desired username on the Permissions tab page. In the dialog box displayed, enter DELETE and click Yes.
Figure 6 Deleting permissions of a specific image
Granting Permissions of an Organization
After an IAM user is created, the administrator needs to grant permissions to the user in the organization so that the user can read, edit, and manage images in the organization.
Only accounts and IAM users who have the Manage permission can add permissions for other users.
- Log in to the SWR console.
- In the navigation pane, choose Organizations. Then click View Details in the row of the desired organization.
- On the Users tab page, click Add Permission. In the dialog box displayed, enter an IAM username, select permissions for the user and click OK.
Figure 7 Granting permissions of an organization
Modifying or Deleting Permissions of an Organization
You can also modify and delete user permissions of an organization.
- To modify permissions, click Modify in the row of the desired username on the Users tab page. Select a permission in the Permission drop-down list, and click Save in the Operation column.
Figure 8 Modifying permissions of an organization
- To delete permissions, click Delete in the row of the desired username on the Users tab page. In the dialog box displayed, enter DELETE and click Yes.
Figure 9 Deleting permissions of an organization
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
