DSC Permissions and Supported Actions
This section describes how to use IAM for fine-grained DSC permissions management. If your Huawei Cloud account does not need individual IAM users, skip over this section.
By default, new IAM users do not have any permissions. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.
You can grant users permissions by using roles and policies. Roles are provided by IAM to define service-based permissions depending on user's job responsibilities. Policies are a type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions
Supported Actions
DSC provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control.
- Permissions: Statements in a policy that allow or deny certain operations
- Actions: Added to a custom policy to control permissions for specific operations
Permission |
Action |
---|---|
Querying the OBS asset list |
dsc:obsAsset:list |
Updating identification rules |
scanRule:update |
Adding big data assets |
dsc:bigdataAsset:create |
Viewing the identification rule list |
dsc:scanRule:list |
Adding OBS assets |
dsc:obsAsset:create |
Querying the RDS DB instance list |
dsc:rds:list |
Deleting databases |
dsc:databaseAsset:delete |
Adding identification rules |
dsc:scanRule:create |
Deleting identification tasks |
dsc:scanTask:delete |
Querying DSC permissions |
dsc:authorization:get |
Querying RDS database list |
dsc:rdsDatabase:list |
Modifying identification tasks |
dsc:scanTask:update |
Querying the Cloud Search Service (CSS) list |
dsc:css:list |
Creating identification tasks |
dsc:scanTask:create |
Granting operation permissions to DSC users |
dsc:authorization:grant |
Querying the big data asset list |
dsc:bigdataAsset:list |
Querying the identification task list |
dsc:scanTask:list |
Adding databases |
dsc:databaseAsset:create |
Deleting identification tasks |
dsc:scanRule:delete |
Querying the database list |
dsc:databaseAsset:list |
Deleting OBS assets |
dsc:obsAsset:delete |
Deleting big data assets |
dsc:bigdataAsset:delete |
Operating DSC common resources |
dsc:common:operate |
Querying DSC common resources |
dsc:common:list |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot