Updated on 2023-05-12 GMT+08:00

Context

Huawei Qiankun supports rights- and domain-based management of tenant accounts, as shown in Figure 1. A top-level tenant account, which can function like an organization, allows you to define different lower-level workgroups and specify the permissions of users in each workgroup. For details about tenant accounts, see Account Types.

Figure 1 Rights- and domain-based management of tenant accounts

Role

A role is a collection of user operation permissions. The operation permissions of a user depend on the roles assigned when the user or workgroup is created.

The Huawei Qiankun console supports two types of user roles: public roles and service roles.

To facilitate management, the console provides preset roles for different services and supports custom roles, as listed in Table 1.

Table 1 Huawei Qiankun tenant roles (role type, role name, description)

Public role
  • Tenant administrator: has the read and write permissions on all services.
  • Tenant auditor: has the read permission on all services.
  • Tenant open application programming interface (API) operator: has the permission to invoke APIs to perform operations on services.
  • Device administrator: has the read and write permissions on security devices, network devices, and sites.

Service role
  NOTE: For more information, see "Permission Control" under Service Overview in the user guide of each service.
  • Common service role: has the read and write permissions on some common services, such as service tickets and topic subscriptions.
    NOTE: Common tenant accounts (not tenant administrators or auditors) have operation permissions on specific services, such as site management, service ticket management, and subscription management, only after they are assigned the corresponding service roles.
  • Service name administrator (for example, Border Protection and Response Service administrator): each cloud service has such a role. The administrator has the view and edit permissions on the corresponding service.
  • Service name auditor (for example, Border Protection and Response Service auditor): each cloud service has such a role. The auditor has the view permissions on the corresponding service.
  • Service name open API operator (for example, Border Protection and Response Service open API operator): only some cloud services have such a role. Third-party system users are assigned certain operation permissions.

Custom role
  • Name of a custom role: you can assign permissions to such a role based on your site requirements.

Workgroup

Domain-based management is implemented on a per-workgroup basis. For example, for an enterprise with multiple branches, a workgroup can be created for each branch. Users in a workgroup can process security events and manage devices only on the branch network corresponding to the workgroup, as shown in Figure 1.

The system provides a default workgroup, which is also called the root workgroup. The first Huawei Qiankun account registered for a tenant is the administrator account of the root workgroup and acts as a tenant administrator with all operation permissions.

The administrator of the root workgroup can create lower-level workgroups.

  • Each workgroup has an administrator. By default, the administrator of a workgroup can create users in the same workgroup. Common users (not the administrator) in a workgroup can create users in the workgroup only after being assigned the administrator role.
  • A maximum of five levels of workgroups are supported. By default, a workgroup is created, modified, or deleted by the administrator of the upper-level workgroup. Common users in the upper-level workgroup can create, modify, or delete lower-level workgroups only after being assigned the administrator role.
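The two halves of the model described above, roles as collections of operation permissions (Table 1) and workgroups as the scope those permissions apply to, combine into a single authorization decision. The following Python is an added illustration, not Huawei Qiankun's own code: the role names follow Table 1, but the permission strings, the service identifiers, the assumed "Workgroup administrator" role, and the rule that a user's domain covers its own workgroup and the workgroups below it are assumptions made for this example.

```python
"""Toy model of rights- (role) and domain- (workgroup) based management.

Added example, not Huawei Qiankun's code. Permission strings, service ids,
the "Workgroup administrator" role and the domain rule are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterator, Optional, Set

MAX_WORKGROUP_LEVELS = 5  # the page: a maximum of five levels of workgroups

# A role is a collection of operation permissions written "service:operation";
# "*" stands for every service. Constructed sets, not the console's real ones.
ROLES: Dict[str, FrozenSet[str]] = {
    "Tenant administrator": frozenset({"*:read", "*:write"}),
    "Tenant auditor": frozenset({"*:read"}),
    "Device administrator": frozenset(
        {"devices:read", "devices:write", "sites:read", "sites:write"}),
    "Border Protection and Response Service administrator": frozenset(
        {"bprs:read", "bprs:write"}),
    "Border Protection and Response Service auditor": frozenset({"bprs:read"}),
    # Assumed role name: lets a user create users and lower-level workgroups.
    "Workgroup administrator": frozenset({"workgroup:manage"}),
}


@dataclass(eq=False)
class Workgroup:
    name: str
    parent: Optional["Workgroup"] = None

    @property
    def level(self) -> int:
        """Root workgroup is level 1, its children level 2, and so on."""
        return 1 if self.parent is None else self.parent.level + 1

    def lineage(self) -> Iterator["Workgroup"]:
        """This workgroup followed by every upper-level workgroup."""
        node: Optional[Workgroup] = self
        while node is not None:
            yield node
            node = node.parent


@dataclass(eq=False)
class User:
    name: str
    workgroup: Workgroup
    roles: Set[str] = field(default_factory=set)

    def permissions(self) -> Set[str]:
        """Union of every assigned role's permissions; unknown roles grant nothing."""
        return set().union(*(ROLES.get(r, frozenset()) for r in self.roles))


def has_permission(user: User, service: str, operation: str) -> bool:
    """Rights check: does some assigned role cover service:operation?"""
    perms = user.permissions()
    return f"{service}:{operation}" in perms or f"*:{operation}" in perms


def in_domain(user: User, resource_workgroup: Workgroup) -> bool:
    """Domain check (assumed rule): the resource must sit in the user's own
    workgroup or in a workgroup below it."""
    return user.workgroup in resource_workgroup.lineage()


def authorize(user: User, service: str, operation: str,
              resource_workgroup: Workgroup) -> bool:
    """Both checks must pass: write rights in one branch do not reach another
    branch, and read-only roles never write anywhere."""
    return has_permission(user, service, operation) and in_domain(user, resource_workgroup)


def create_workgroup(creator: User, parent: Workgroup, name: str) -> Workgroup:
    """Only an administrator of the upper-level workgroup may create a lower-level
    one, and the tree never exceeds MAX_WORKGROUP_LEVELS."""
    if creator.workgroup is not parent or not has_permission(creator, "workgroup", "manage"):
        raise PermissionError(f"{creator.name} may not create workgroups under {parent.name}")
    if parent.level >= MAX_WORKGROUP_LEVELS:
        raise ValueError(f"workgroup depth limit of {MAX_WORKGROUP_LEVELS} levels reached")
    return Workgroup(name, parent)


def build_demo() -> Dict[str, bool]:
    """Constructed scenario: a root workgroup with two branch workgroups."""
    root = Workgroup("root")
    tenant_admin = User("alice", root, {"Tenant administrator", "Workgroup administrator"})
    branch_a = create_workgroup(tenant_admin, root, "Branch A")
    branch_b = create_workgroup(tenant_admin, root, "Branch B")
    bob = User("bob", branch_a, {"Device administrator"})
    carol = User("carol", root, {"Tenant auditor"})
    return {
        "tenant_admin_writes_branch_b": authorize(tenant_admin, "devices", "write", branch_b),
        "branch_admin_writes_own_branch": authorize(bob, "devices", "write", branch_a),
        "branch_admin_writes_other_branch": authorize(bob, "devices", "write", branch_b),
        "auditor_reads_branch_a": authorize(carol, "devices", "read", branch_a),
        "auditor_writes_branch_a": authorize(carol, "devices", "write", branch_a),
    }


if __name__ == "__main__":
    for check, allowed in build_demo().items():
        print(f"{check}: {'allowed' if allowed else 'denied'}")
```

The point of keeping `has_permission` and `in_domain` as separate functions is that each one alone is insufficient: the branch device administrator passes the rights check for `devices:write` everywhere but fails the domain check outside its own branch, and the tenant auditor passes the domain check everywhere but fails the rights check for any write. `create_workgroup` enforces the two structural rules from the text, creation only by an administrator of the upper-level workgroup and the five-level limit.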

User

A user refers to a person who uses the system. Information about a user includes a username, password, and permissions.

Users can be divided into the following types:

  • Local user: refers to a common user.
  • Third-party user: refers to a user who logs in to the console by invoking a northbound API. They are also known as northbound users.
  • Remote user: refers to a Huawei website user who needs to click Huawei Website Account when logging in to the Huawei Qiankun console.