Updated on 2024-05-17 GMT+08:00

Permissions

If you need to grant your enterprise personnel permission to access your CodeArts PerfTest resources, use Identity and Access Management (IAM). IAM provides identity authentication, fine-grained permissions management, and access control. IAM helps you secure access to your cloud resources.

With IAM, you can create IAM users and grant them permission to access only specific resources. For example, if you want some software developers in your enterprise to be able to use CodeArts PerfTest resources but do not want them to be able to delete the resources or perform any other high-risk operations, you can create IAM users and grant permission to use the resources but not permission to delete them.

If your cloud account does not require individual IAM users for permissions management, you can skip this section.

IAM is a free service. You only pay for the resources in your account. For details, see IAM Service Overview.

CodeArts PerfTest Permissions

New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and then attach policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.

CodeArts PerfTest is a project-level service deployed for specific regions. To assign CodeArts PerfTest permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing CodeArts PerfTest, the users need to switch to the authorized region.

You can grant users permissions by using roles and policies. Currently, only authorization by roles is supported in CodeArts PerfTest.

You can grant users permissions by using roles and policies.

  • Roles: A coarse-grained authorization strategy that defines permissions by job responsibility. Only a limited number of service-level roles are available for authorization. Cloud services often depend on each other. When you grant permissions using roles, you also need to attach any existing role dependencies. Roles are not ideal for fine-grained authorization and least privilege access.
  • Policies: A fine-grained authorization strategy that defines permissions required to perform operations on specific cloud resources under certain conditions. This type of authorization is more flexible and is ideal for least privilege access. For example, you can grant users only permission to manage a certain type of ECSs. A majority of fine-grained policies contain permissions for specific APIs.

Table 1 lists all the system permissions for CodeArts PerfTest.

Table 1 System-defined permissions for CodeArts PerfTest

Role/Policy Name

Description

Type

Dependencies

CodeArts PerfTest Administrator

Users with these permissions can perform all operations on CodeArts PerfTest and test resources of the current tenant and all IAM users, such as adding, deleting, modifying, and querying resources.

System-defined role

To create, modify, or delete private resource groups, the CCE Administrator and VPCEndpoint Administrator permissions need to be assigned to users.

If the user uses only the shared resource group to perform operations, no other permissions are required.

CodeArts PerfTest Developer

Users with these permissions can perform all operations, such as adding, deleting, modifying, and querying resources, only on a user's own CodeArts PerfTest and test resources.

System-defined role

To create, modify, or delete private resource groups, the CCE Administrator and VPCEndpoint Administrator permissions need to be assigned to users.

If the user uses only the shared resource group to perform operations, no other permissions are required.

CodeArts PerfTest Operator

Users with these permissions can only read their own CodeArts PerfTest and test resources.

System-defined role

None.

CodeArts PerfTest Resource Administrator

Users with these permissions have all permissions related to test resources in CodeArts PerfTest.

System-defined role

This role must be used together with the CodeArts PerfTest Developer role, so that CodeArts PerfTest Developer can add, delete, modify, and query all private resource groups under the account.

CodeArts PerfTest Resource Developer

Users with these permissions can only view and use CodeArts PerfTest resources, but cannot create, update, or delete infrastructure resources.

System-defined role

This role must be used together with the CodeArts PerfTest Developer role, so that CodeArts PerfTest Developer can view and use all private resource groups under the account.

  • When creating test resources for the first time, you need to be authorized by your account. An agency is automatically created so that CodeArts PerfTest can perform operations on Cloud Container Engine (CCE).
  • To use CodeArts PerfTest, you must have the CodeArts PerfTest Administrator or CodeArts PerfTest Developer permission (you can only view the projects you created).
  • To manage private resource groups, you must have the CodeArts PerfTest Administrator permission or both CodeArts PerfTest Developer and CodeArts PerfTest Resource Administrator permissions.
  • To use private resource groups, you must have the CodeArts PerfTest Administrator permission or both CodeArts PerfTest Developer and CodeArts PerfTest Resource Developer permissions.
  • For details about the permissions required for using CodeArts PerfTest and their application scenarios, see What Are the Permissions Required for Using CodeArts PerfTest?.