Help Center/ DataArts Studio/ Service Overview/ Security/ Identity Authentication and Access Control

Updated on 2024-11-05 GMT+08:00

View PDF

Identity Authentication and Access Control

Identity Authentication

You can access DataArts Studio through the DataArts Studio console or open APIs. In either way, access requests are sent through the RESTful APIs provided by DataArts Studio.

DataArts Studio APIs can be accessed upon successful authentication. Requests sent through the console can be authenticated using tokens, and requests for calling APIs can be authenticated using tokens or AK/SK. For details, see Authentication.

Access Control

You can use Identity and Access Management (IAM) to implement fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your HUAWEI CLOUD resources. For more information about IAM, see the IAM Service Overview.

DataArts Studio supports only system role-based authorization and does not support policy-based authorization. To implement fine-grained permission control, DataArts Studio provides the capability of granting permissions to system roles and workspace roles. Specific operation permissions are granted to workspace roles, and workspace roles with different permissions can be customized.

As shown in Figure 1 and Table 1, the system-defined roles supported by DataArts Studio include DAYU Administrator and DAYU User. Workspace roles are based on the DAYU User. Permissions lists the common operations supported by DataArts Studio and the permissions granted to each role. You can select roles as required.

Figure 1 Permission system
Click to enlarge

**Table 1** DataArts Studio system-defined roles
Role	Description	Type
DAYU Administrator	Instance administrator who has all management permissions on a DataArts Studio instance and its workspaces, permissions of dependent services, and service operation permissions in all workspaces. NOTE: Users assigned the Tenant Administrator role have all permissions for all services except IAM. In other words, users with the Tenant Administrator role can perform all operations in DataArts Studio.	System-defined role
DAYU User	Common user who has permissions to view a DataArts Studio instance and its workspaces, and the permissions of dependent services. After assigned a role, a common user has permissions of the role to perform service operations. Workspace roles include the preset admin, developer, deployer, operator, and viewer. For details about the operation permissions of each role, see Permissions. Admin: This role has all operation permissions in a workspace. You are advised to assign the admin role to the project owner, development owner, and O&M administrator. Developer: This role has permissions to create and manage resources in a workspace. You are advised to assign this role to users who develop and process tasks. Operator: This role has the operation permissions of services such as O&M and scheduling in a workspace, but cannot modify resources or configurations. You are advised to assign this role to users responsible for O&M management and status monitoring. Viewer: This role can view data in a workspace but cannot perform any other operation. You are advised to assign this role to users who only need to view data in a workspace but do not need to perform operations. Deployer: This role is unique to the enterprise mode and has permissions to release task packages in a workspace. In enterprise mode, when a developer submits a script or job version, the system generates a release task. After the developer confirms the release and the deployer approves the release request, the modified job is synchronized to the production environment.	System-defined role