Creating an IAM User and Granting Permissions
You can use Identity and Access Management (IAM) to implement fine-grained permissions control on DLI resources. For details, see Overview.
If your cloud account does not need individual IAM users, then you may skip over this section.
This section describes how to create an IAM user and grant DLI permissions to the user. Figure 1 shows the procedure.
Prerequisites
Before assigning permissions to user groups, you should learn about system policies and select the policies based on service requirements. For details about system permissions supported by DLI, see DLI System Permissions.
Process Flow
- Create a user group and grant permissions to it.
Create a user group on the IAM console, and assign the DLI ReadOnlyAccess permission to the group.
- Create an IAM user.
Create a user on the IAM console and add the user to the group created in 1.
- Log in and verify permissions.
Log in to the management console using the newly created user, and verify the user permissions.
- Choose Service List > Data Lake Insight. The DLI management console is displayed. If you can view the queue list on the Queue Management page but cannot buy DLI queues by clicking Buy Queue in the upper right corner (assume that the current permission contains only DLI ReadOnlyAccess), the DLI ReadOnlyAccess permission has taken effect.
- Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the DLI ReadOnlyAccess permission has already taken effect.
More
- For how to create an IAM user, see Creating an IAM User.
- For how to create a custom policy, see Creating a Custom Policy.
- For how to modify a user policy, see Modifying or Deleting a Custom Policy.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot