Allowing GaussDB(DWS) to Manage Resources
Huawei Cloud services interwork with each other, and certain operations require cooperation with other cloud services. To do so, you need to create a cloud service delegation and give GaussDB(DWS) permission to perform certain resource management tasks on your behalf by authorizing it to operate other cloud services.
- We are currently rectifying agency permissions. Previously, agencies relied on IAM permissions. Now, they are being migrated to a new system. To switch to the new, lower-permission agency for better resource protection, contact O&M personnel.
- By default, only Huawei Cloud accounts or users with Security Administrator permissions can query and create agencies. By default, the IAM user does not have permission to query or create agencies. If you lack these permissions, contact an authorized user to grant access.
- The agency permission is obtained from the cache. The cache is updated once an hour. If you update an agency, the update will take effect one hour later.
GaussDB(DWS) Agency Permissions (New)
GaussDB(DWS) provides the following agency permissions based on the APIs on which the agency operation depends:
|
Agency |
Agency Permission |
Scenario |
|---|---|---|
|
DWSAgencyAccess |
DWS Agency Access |
Minimum permissions on which GaussDB(DWS) depends when using the agency function. For example, LTS depends only on lts:groups:put, and the system policy has only the operation permission on LTS. |
You can log in to the IAM management console, choose Permission Management > Permissions, and click the "DWS Agency Access" permission to view the complete dependency information.
GaussDB(DWS) Agency Permissions (Old)
The following table describes the dependency scenarios of the old agency permissions.
|
Agency |
Agency Permission |
Scenario |
|---|---|---|
|
DWSAccessLTS |
LTS FullAccess |
LTS collects and reports logs to LTS. |
|
DWSAccessOBS |
OBS Administrator |
Audit log dump: reports audit logs to OBS buckets. |
|
DWSAccessKMS |
KMS Administrator |
Used to query and rotate keys in a KMS encrypted cluster. |
|
DWSAccessVPC |
Server Administrator |
If a node is faulty, the EIP is automatically migrated from the faulty node to a normal node. |
|
DWSAccessDWS |
Tenant Administrator |
|
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
