Identity Authentication and Access Control

Identity Authentication

You can access DLI through the DLI console or open APIs. In either way, access requests are sent through the RESTful APIs provided by DLI.

DLI APIs can be accessed upon successful authentication. Requests sent through the DLI console and requests for calling APIs can both be authenticated using tokens.

Access Control

You can use Identity and Access Management (IAM) to implement fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your Huawei Cloud resources.

For more information about IAM, see IAM Service Overview.

You can grant users permissions by using roles and policies.

• Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. Only a limited number of service-level roles are available. When using roles to grant permissions, you need to also assign other roles on which the permissions depend to take effect. However, roles are not an ideal choice for fine-grained authorization and secure access control.
• Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, a specific user group is not allowed to delete a cluster. Only basic DLI operations (such as creating and querying jobs) are allowed.

  For details about DLI permissions, see Permission Management Overview.

The following table lists all the system permissions of DLI.