Permission Dependency of the WAF Console
When using WAF, you may need to view resources of or use other cloud services. So you need to obtain required permissions for dependent services so that you can view resources or use WAF functions on WAF Console. To that end, make sure you have the WAF FullAccess or WAF ReadOnlyAccess assigned first. For details, see Creating a User Group and Granting Permissions.
Dependency Policy Configuration
To grant an IAM user the permissions to view or use resources of other cloud services on the WAF console, you must first grant the WAF Administrator, WAF FullAccess, or WAF ReadOnlyAccess policy to the user group to which the user belongs and then grant the dependency policies listed in Table 1 to the user. These dependency policies will allow the IAM user to access resources of other cloud services.
|
Console Function |
Dependent Services |
Policy/Role Required |
|---|---|---|
|
Dashboard |
Enterprise Project Management Service (EPS) |
You can view the data on the Dashboard page of an enterprise project only after obtaining the EPS ReadOnlyAccess system policy. |
|
Buying a WAF instance (for Dedicated Cloud) |
Elastic Volume Service (EVS) |
The EVS ReadOnlyAccess system policy is required to query EVS disks you have. |
|
Dedicated WAF engine management |
Network Console VPC Elastic IP (EIP) Elastic Load Balance (ELB) |
|
|
Adding a website to WAF (ELB mode) |
Elastic Load Balance (ELB) |
The ELB Administrator system role is required along with the ELB FullAccess and ELB ReadOnlyAccess permissions to query load balancers bound to dedicated WAF instances. |
|
Instance group management |
Elastic Load Balance (ELB) |
The ELB ReadOnlyAccess system policy is required to query load balancers used for a WAF instance group. |
|
Adding a website to WAF (cloud and dedicated modes) |
Cloud Certificate Manager (CCM) |
The SCM ReadOnlyAccess system policy is required to query certificate details. |
|
Editing server information |
Cloud Certificate Manager (CCM) |
|
|
Website settings |
Cloud Certificate Manager (CCM) |
|
|
Notifications |
Simple Message Notification (SMN) |
The SMN ReadOnlyAccess system policy is required to obtain SMN topic groups. |
|
Enabling LTS for WAF logging |
Log Tank Service (LTS) |
The LTS ReadOnlyAccess system policy is required to select log group and log stream names created in LTS. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
