Identity Authentication and Access Control
Identity Authentication
You can access DEW through the DEW console, APIs, or SDK. Regardless of the access method, requests are sent through the REST APIs provided by DEW.
DEW APIs support multiple types of authentication requests. Take AK/SK as an example. An authenticated request must contain a signature value. The signature value is calculated based on the requestor's access key as the encryption factor and the specific information carried in the request body. OBS supports authentication using an AK/SK pair. It uses AK/SK-based encryption to authenticate requests. For details, see Authentication.
Access Control
- DEW uses Identity and Access Management (IAM) to implement refined access control. By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. After authorization, the user can perform specified operations on cloud services based on the permissions. For details, see Permission Control.
- For KMS subservices, you can configure their permissions on the KMS console. You can create grants for other IAM users or accounts to use their CMKs. You can create up to 100 grants on a CMK. For details, see Managing a Grant.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
