Permissions Management
If you need to assign different permissions to employees in your enterprise to access your IEF resources, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your Huawei Cloud resources.
With IAM, you can use your account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types. For example, some software developers in your enterprise need to use IEF resources but must not delete them or perform any high-risk operations. To achieve this result, you can create IAM users for the software developers and grant them only the permissions required for using IEF resources.
If your Huawei Cloud account does not require individual IAM users for permissions management, skip this section.
IAM is a free service. You only pay for the resources in your account. For more information about IAM, see the IAM Service Overview.
IEF Permissions
New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and then attach policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.
IEF is a project-level service deployed for specific regions. To assign IEF permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing IEF, the users need to switch to the authorized region.
You can grant permissions by using roles and policies.
- Roles: A coarse-grained authorization strategy that defines permissions by job responsibility. Users with the Tenant Administrator role can perform operations on all IEF resources.
- Policies: A fine-grained authorization strategy that defines permissions required to perform operations on specific cloud resources under certain conditions. This type of authorization is more flexible and is ideal for least privilege access. Most policies define permissions based on APIs.
Table 1 lists all the system-defined permissions for IEF.
| System Role/Policy Name | Description | Type | Dependencies |
|---|---|---|---|
| IEF FullAccess | Administrator permissions for IEF. Users with these permissions can perform all operations on basic IEF resources. Note: To perform operations on all IEF resources, configure the Tenant Administrator role. | System-defined policy | None |
| IEF ReadOnlyAccess | Read-only permissions for IEF. Users with these permissions can only view IEF resources. | System-defined policy | None |
Table 2 lists the common operations supported by system-defined permissions for IEF.
| Operation | IEF FullAccess | IEF ReadOnlyAccess | Tenant Administrator |
|---|---|---|---|
| Creating, deleting, or modifying an instance | √ | x | √ |
| Querying an instance | √ | √ | √ |
| Switching an instance | √ | √ | √ |
| Creating, deleting, or modifying an edge node | √ | x | √ |
| Viewing an edge node | √ | √ | √ |
| Creating, deleting, or modifying an edge node group | √ | x | √ |
| Viewing an edge node group | √ | √ | √ |
| Creating, deleting, or modifying an edge containerized application | √ | x | √ |
| Viewing an edge containerized application | √ | √ | √ |
| Creating, deleting, or modifying a device | √ | x | √ |
| Viewing a device | √ | √ | √ |
| Creating, deleting, or modifying an application deployment | √ | x | √ |
| Viewing an application deployment | √ | √ | √ |
| Creating, deleting, or modifying an application template | √ | x | √ |
| Viewing an application template | √ | √ | √ |
| Creating, deleting, or modifying a node registration job | √ | x | √ |
| Viewing a node registration job | √ | √ | √ |
| Creating, deleting, or modifying a message endpoint | √ | x | √ |
| Viewing a message endpoint | √ | √ | √ |
| Creating, deleting, or modifying a message route | √ | x | √ |
| Viewing a message route | √ | √ | √ |
| Creating, deleting, or modifying a batch job | √ | x | √ |
| Viewing a batch job | √ | √ | √ |
| Creating, deleting, or modifying a ConfigMap | √ | x | √ |
| Viewing a ConfigMap | √ | √ | √ |
| Creating, deleting, or modifying a key | √ | x | √ |
| Viewing a key | √ | √ | √ |
| Creating, deleting, or modifying encrypted data | √ | x | √ |
| Viewing encrypted data | √ | √ | √ |
| Creating, deleting, or modifying a system subscription | √ | x | √ |
| Viewing a system subscription | √ | √ | √ |
| Creating, deleting, or modifying a plug-in | √ | x | √ |
| Viewing a plug-in | √ | √ | √ |
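The following least-privilege review is an added example, not Huawei Cloud code. It encodes the pattern in Tables 1 and 2 and flags user groups whose granted system-defined permission or project scope exceeds what their operations need. The group names, project names and record layout are constructed for illustration and are not IAM API output.

```python
# Added example: least-privilege review based on Tables 1 and 2 of this page.
# Ordered from least to most privileged (Table 1: IEF FullAccess covers basic
# IEF resources; Tenant Administrator covers all IEF resources).
RANK = ["IEF ReadOnlyAccess", "IEF FullAccess", "Tenant Administrator"]
WRITE = "Creating, deleting, or modifying "
READ = ("Viewing ", "Querying ", "Switching ")

def allows(permission, operation):
    """Table 2 pattern: only IEF ReadOnlyAccess is denied write operations."""
    if operation.startswith(WRITE):
        return permission != "IEF ReadOnlyAccess"
    if operation.startswith(READ):
        return True
    raise ValueError(f"operation not listed in Table 2: {operation!r}")

def minimal_permission(operations):
    """Least-privileged system-defined permission covering every operation."""
    return next(p for p in RANK if all(allows(p, op) for op in operations))

def audit(assignments):
    """Return (group, finding) pairs for excess, missing or broadly scoped grants."""
    findings = []
    for a in assignments:
        have, need = a["permission"], minimal_permission(a["operations"])
        if RANK.index(have) > RANK.index(need):
            findings.append((a["group"], f"over-privileged: {have} granted, {need} suffices"))
        elif RANK.index(have) < RANK.index(need):
            findings.append((a["group"], f"under-privileged: {have} granted, {need} required"))
        if a["scope"] == "All projects":
            findings.append((a["group"], "scope 'All projects' applies in every region-specific project"))
    return findings

# Constructed sample data: group names, project names and this record layout
# are assumptions for illustration, not IAM API output.
ASSIGNMENTS = [
    {"group": "ief-operators", "permission": "IEF FullAccess", "scope": "region-a-project",
     "operations": ["Creating, deleting, or modifying an edge node", "Viewing a device"]},
    {"group": "ief-auditors", "permission": "Tenant Administrator", "scope": "All projects",
     "operations": ["Viewing an edge node", "Querying an instance"]},
    {"group": "ief-dashboards", "permission": "IEF ReadOnlyAccess", "scope": "region-a-project",
     "operations": ["Viewing a message route", "Creating, deleting, or modifying a ConfigMap"]},
]

if __name__ == "__main__":
    for group, finding in audit(ASSIGNMENTS):
        print(f"{group}: {finding}")
```
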
Helpful Links
- IAM Service Overview
- Create a user group and users. Grant IEF permissions to them. For details, see Creating a User and Granting Permissions.
- Permissions Policies and Supported Actions