Agency Authorization
Some functions provided by IoTDA need to access user resources. Therefore, you need to create an agency to authorize the access. For details, see Table 1.
|
Scenario |
Authorization |
|---|---|
|
Uploading a file |
obs:object:PutObject obs:bucket:HeadBucket obs:object:GetObject obs:bucket:GetBucketCustomDomainConfiguration KMS Administrator (encryption scenario) |
|
Upgrading software/firmware |
obs:object:GetObject KMS Administrator (encryption scenario) |
|
Forwarding data to DIS |
DIS Administrator |
|
Forwarding data to FunctionGraph |
FunctionGraph:function:list FunctionGraph:function:invokeAsync |
|
Forwarding data to OBS |
obs:bucket:ListAllMyBuckets obs:object:GetObject obs:object:PutObject KMS Administrator (encryption scenario) |
|
Forwarding data to LTS |
lts:groups:get lts:topics:get |
|
Forwarding data to BCS Fabric |
bcs:fabricInstance:getDetail bcs:fabricInstance:downloadSdkCfg bcs:fabricInstance:downloadCert |
|
Forwarding data to BCS HW |
bcs:huaweiCloudChainChain:downloadSdkConfig bcs:huaweiCloudChainChain:getChain bcs:huaweiCloudChainContract:get |
|
Using codecs |
FunctionGraph:function:invoke FunctionGraph:function:getConfig |
|
Using custom authentication functions |
FunctionGraph:function:invoke FunctionGraph:function:getConfig |
|
Using SMN notifications of linkage rules |
smn:topic:list smn:topic:publish |
|
Using private images for generic-protocol plug-in |
swr:repo:listRepos swr:repo:createRepoDomain |
|
Using instance maintenance window notifications |
smn:topic:list smn:topic:publish |
|
Configuring private connections |
vpcep:permissions:update vpcep:epservices:create vpcep:epservices:list vpcep:connections:update |
|
Configuring private connections to DMS |
dms:instance:get dms:instance:modify vpcep:permissions:update vpcep:epservices:create vpcep:epservices:list vpcep:connections:update |
|
Creating an enterprise edition instance |
vpc:securityGroups:get vpc:ports:delete vpc:subnets:get vpc:subnets:update vpc:vpcs:get vpcep:endpoints:create vpcep:endpoints:get vpcep:endpoints:delete |
Authorization Scenarios
When you use Table 1 for the first time, the page for creating agency authorization is displayed, showing the function list and scope of authorization. After you agree to the authorization, IoTDA creates an agency named iotda_admin_trust in IAM, after the authorization is successful, you can view the created agency in the agency list on the IAM console.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
