Cloud Services that Support Resource-Level Authorization Using IAM
If you want to grant an IAM user permissions for specific resources, create a custom policy that contains permissions for the resources, and attach the policy to the user. The user then only has the permissions for the specified resources. For example, to grant an IAM user permissions for buckets whose names start with TestBucket, create a custom policy, specify the resource path as OBS:*:*:bucket:TestBucket*, and attach the policy to the user.
The following table lists the cloud services that support resource-level authorization and the supported resource types.
|
Service |
Resource Type |
Resource Name |
|---|---|---|
|
Elastic Cloud Server (ECS) |
instance |
ECS |
|
Elastic Volume Service (EVS) |
volume |
EVS disk |
|
bucket |
Bucket |
|
|
object |
Object |
|
|
Virtual Private Cloud (VPC) |
publicip |
EIP |
|
Software Repository for Container (SWR) |
chart |
Chart |
|
repository |
Repository |
|
|
instance |
Instance |
|
|
product |
Product |
|
|
node |
Edge node |
|
|
group |
Edge node group |
|
|
deployment |
Deployment |
|
|
batchjob |
Batch job |
|
|
application |
Application template |
|
|
appVersion |
Application template version |
|
|
IEFInstance |
IEF instance |
|
|
cluster |
Cluster |
|
|
queue |
DLI queue |
|
|
database |
DLI database |
|
|
table |
DLI table |
|
|
column |
DLI column |
|
|
datasourceauth |
DLI security authentication information |
|
|
jobs |
DLI job |
|
|
resource |
Resource package |
|
|
elasticresourcepool |
Elastic resource pool |
|
|
group |
Resource package group |
|
|
graphName |
GES graph name |
|
|
backupName |
GES backup name |
|
|
metadataName |
Metadata name |
|
|
function |
Function |
|
|
trigger |
Trigger |
|
|
Distributed Message Service (DMS) |
RabbitMQ instance |
|
|
Kafka instance |
||
|
Distributed Cache Service (DCS) |
instance |
Instance |
|
Document Database Service (DDS) |
instanceName |
Instance name |
|
Resource Formation Service (RFS) |
stack |
Stack |
|
KeyId |
Key ID |
|
|
cluster |
Cluster |
|
|
Cloud Bastion Host (CBH) |
instanceId |
Instance ID |
|
ROMA Connect |
graph |
Service flowchart |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
