Updated on 2025-10-27 GMT+08:00

Configuring the Missing ModelArts Studio (MaaS) Permissions

Incorrect or incomplete permission configurations trigger alerts on the MaaS console and can block key features. This guide describes how to resolve these permission warnings so that MaaS services are not disrupted by insufficient access.

Prerequisites

A permission error message is displayed on the MaaS console.

Billing

Authorization is free. However, data storage, model import, and service deployment may incur fees because they rely on OBS and SWR. For details, see Billing Overview.

Scenario 1: Adding Dependency Authorization

MaaS features require authorization to access OBS and SWR. Grant this authorization to enable data storage, model import, and service deployment.

A message appears at the top of the ModelArts Studio (MaaS) console if dependency authorization has not been configured, prompting you to configure it.

Tenant user: Click Authorize access to go to the permissions management page on the ModelArts console and add dependency service permissions. For details, see Configuring Agency Authorization for MaaS.

IAM user: Contact the administrator.

Figure 1 Dependency authorization prompt

Scenario 2: Adding Missing Permissions Using the Tenant Account

A permission error message appears at the top of the ModelArts Studio (MaaS) console if necessary permissions are not granted.

Figure 2 Permissions missing

You can click View missing permissions in the pop-up prompt. In the Service Permissions Missing dialog box, select Existing authorization or New authorization as required, and click OK.

Figure 3 Service permissions missing

Scenario 3: Adding Missing Permissions Using an IAM Account

The ModelArts Studio (MaaS) console will display an Access Denied dialog box if you lack necessary permissions. Create a custom policy, assign it to the target user group, review any missing service permissions, and contact your administrator to configure the necessary permissions.

Figure 4 Access Denied dialog box

The missing permissions are listed in Table 1. For details about each action, see Actions.

Table 1 Missing permissions

| Permission | Description |
|---|---|
| iam:permissions:listRolesForAgencyOnDomain | Querying permissions of an agency for a global service project |
| iam:permissions:listRolesForAgencyOnProject | Querying permissions of an agency for a region-specific project |
| iam:permissions:listRolesForAgency | Querying all permissions of an agency |
| iam:agencies:getAgency | Querying agency details |
| iam:agencies:listAgencies | Querying agencies in specified conditions |

  1. Create a custom policy.
    1. As the IAM user, click Copy in the Access Denied dialog box to save the missing permissions, and then click OK.
      Figure 5 Access Denied
    2. Hover over your account in the upper right corner and click Identity and Access Management.
    3. Log in to the IAM console as an administrator. In the navigation pane, choose Permissions > Policies/Roles.
    4. On the Policies/Roles page, click Create Custom Policy in the upper right corner.
    5. On the Create Custom Policy page, configure parameters and click OK.
      Figure 6 Creating a custom policy
      Table 2 Parameters for creating a custom policy

      | Parameter | Description | Example |
      |---|---|---|
      | Policy Name | Enter a policy name. | policykl631g |
      | Policy View | Click JSON. | JSON |
      | Policy Content | Paste the permission policy saved in Step 1.a in [] of the Statement parameter and click Format Content to format the content. | See the policy after this table. |
      | Description | Enter a policy description. | N/A |
      | Scope | Use the default value Global services. | Global services |

      Example Policy Content:

      {
          "Version": "1.1",
          "Statement": [
              {
                  "Effect": "Allow",
                  "Action": [
                      "iam:permissions:listRolesForAgencyOnDomain",
                      "iam:permissions:listRolesForAgencyOnProject",
                      "iam:permissions:listRolesForAgency",
                      "iam:agencies:getAgency",
                      "iam:agencies:listAgencies"
                  ]
              }
          ]
      }

  2. Add the custom policy to the target user group as an administrator.
    1. In the navigation pane of the IAM console, choose User Groups.
    2. On the User Groups page, search for the target user group and click Authorize in the Operation column.
      Figure 7 Authorize
    3. On the displayed page, select the policy created in step 1, click Next, select the authorization scope as required, and click OK.
      Figure 8 Authorization page
    4. In the Information dialog box, read the information carefully and click OK.
  3. Log in to the console as the IAM user and check whether the Access Denied dialog box disappears.
    • If the dialog box disappears, the permission configuration is successful and you can use MaaS.
    • If the Service Permissions Missing dialog box is displayed, go to the next step.
  4. Review and configure the missing service permissions.
    1. Log in to the ModelArts Studio (MaaS) console as the IAM user and click View missing permissions in the upper part of the page. In the Service Permissions Missing dialog box, view the missing service permissions.
      Figure 9 Service permissions missing
    2. Contact the administrator to configure the missing service permissions. For details, see Configuring Agency Authorization for MaaS.
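
An administrator can check the Policy Content JSON from Step 1.e before saving it. The following is an added example, not part of the original guide or of any Huawei Cloud tool: it compares a pasted policy with the five actions in Table 1 and reports missing actions, allowed entries that go beyond Table 1, and structural paste errors. The names check_policy, REQUIRED and SAMPLE are hypothetical, and glob-style matching of "*" with Deny taking precedence is an assumption.

```python
import json
from fnmatch import fnmatchcase

# The five actions from Table 1 that the Access Denied dialog reports as missing.
REQUIRED = (
    "iam:permissions:listRolesForAgencyOnDomain",
    "iam:permissions:listRolesForAgencyOnProject",
    "iam:permissions:listRolesForAgency",
    "iam:agencies:getAgency",
    "iam:agencies:listAgencies",
)

# Constructed sample: a paste that dropped two actions and widened one to a wildcard.
SAMPLE = """{"Version": "1.1", "Statement": [{"Effect": "Allow", "Action": [
  "iam:permissions:listRolesForAgency", "iam:agencies:*"]}]}"""

def check_policy(text):
    """Return (missing, extra, problems) for custom-policy JSON text."""
    try:
        policy = json.loads(text)
    except json.JSONDecodeError as exc:
        return list(REQUIRED), [], [f"not valid JSON: {exc.msg}"]
    if not isinstance(policy, dict) or not isinstance(policy.get("Statement"), list):
        return list(REQUIRED), [], ["expected an object with a Statement list"]
    problems = [] if policy.get("Version") == "1.1" else ['Version is not "1.1"']
    allowed, denied = [], []
    for i, stmt in enumerate(policy["Statement"]):
        # Pasting "[...]" inside the existing [] nests a list where an object belongs.
        if not isinstance(stmt, dict):
            problems.append(f"Statement[{i}] is not an object")
            continue
        effect, actions = stmt.get("Effect"), stmt.get("Action")
        actions = [actions] if isinstance(actions, str) else actions
        if effect not in ("Allow", "Deny") or not isinstance(actions, list) \
                or not all(isinstance(a, str) for a in actions):
            problems.append(f"Statement[{i}] needs Effect Allow/Deny and an Action list")
            continue
        (allowed if effect == "Allow" else denied).extend(actions)
    def granted(action):
        # Assumption: "*" in an Action matches glob-style, and a matching Deny wins.
        return (any(fnmatchcase(action, p) for p in allowed)
                and not any(fnmatchcase(action, p) for p in denied))
    missing = [a for a in REQUIRED if not granted(a)]
    # Allowed entries outside Table 1 (wildcards included) go beyond what MaaS asked for.
    extra = sorted(set(allowed) - set(REQUIRED))
    return missing, extra, problems

if __name__ == "__main__":
    print(check_policy(SAMPLE))
```

A result with empty missing, extra and problems lists means the policy grants exactly the Table 1 actions; a non-empty extra list flags grants that should be narrowed before the policy is attached to a user group.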

FAQs