หน้านี้ยังไม่พร้อมใช้งานในภาษาท้องถิ่นของคุณ เรากำลังพยายามอย่างหนักเพื่อเพิ่มเวอร์ชันภาษาอื่น ๆ เพิ่มเติม ขอบคุณสำหรับการสนับสนุนเสมอมา
- What's New
- Function Overview
- Service Overview
- Billing
- Getting Started
-
User Guide
- Enhanced Hyperledger Fabric BCS Management
- Best Practices
-
Developer Guide
- Overview
- Chaincode Development
- Application Development
- Demos
-
Blockchain Middleware APIs
- Overview
- Chaincode Invoking (OBT)
-
Chaincode Management
- Obtaining a Token
- Installing a Chaincode
- Instantiating a Chaincode
- Listing Installed Chaincodes
- Querying Version of a Specified Chaincode
- Querying Chaincode Installation Information
- Querying Chaincode Instantiation Information
- Querying an Appchain
- Listing Blocks
- Listing Transactions
- Querying Transaction Quantity
- Listing Block Transactions
- Querying Transaction Details
- Querying Peers
- Querying diskUsage of a Node
- Querying the System-Hosted Certificate Status
- Deleting a Chaincode
- Downloading a Report
- Distributed Identity (OBT)
- Trusted Data Exchange (OBT)
- Appendix
-
API Reference
- Before You Start
- API Overview
- Examples
- Calling APIs
-
APIs (Enhanced Hyperledger Fabric)
-
BCS Management
- Creating a BCS Service
- Querying Creation Status of a BCS Service
- Querying a BCS Service
- Modifying a BCS Service
- Creating Channels
- Querying Channel Information
- Adding Peers to a Channel
- Removing Organizations from a Channel
- Downloading Certificates
- Downloading the SDK Configuration
- Generating a User Certificate
- Unfreezing a User Certificate
- Freezing a User Certificate
- Querying Quotas
- Querying Flavors
- Querying Peer Information
- Querying Asynchronous Operation Results
- Querying the BCS Service List
- Deleting a BCS Service
- Removing a Peer from a Channel
- Deleting a Channel
- BCS Consortium
- BCS Monitoring
-
BCS Management
- Permissions Policies and Supported Actions
- Appendix
- Change History
- SDK Reference
-
FAQs
-
Enhanced Hyperledger Fabric
- Billing
-
Instance Management
-
Consultation
- How Do I Determine Whether a Blockchain Is Necessary?
- What Underlying Framework Is Used for Huawei Cloud BCS?
- Can BCS Instances Deployed on the Public Cloud Access Blockchain Nodes on Other Clouds?
- What Competitive Advantages Does Huawei Cloud BCS Have?
- In Which Direction and What Capabilities Will Huawei Cloud BCS Develop?
- What Are the Specifications of VMs to Be Purchased for BCS?
- How Do I Get Access to the Partners of Huawei Cloud BCS for More Services?
- What Are the Differences Between Channel Isolation and Privacy Protection?
- How Well Does BCS Perform?
- Does BCS Support Customized Development?
- When Do I Need to Hibernate or Wake an Instance?
-
Service Usage
- Which Ports of a Security Group Are Opened When I Create a BCS Instance?
- How Do I Check Whether the ICAgent Is Installed for the Cluster?
- What Can I Do If I Can't Open the Blockchain Management Console?
- What Should I Do If My BCS Instance Remains in the Creating State?
- What Should I Do If a Peer Restarts Frequently with the Error Message "PanicDB not exist"?
- What Can I Do If the CPU Usage of a Blockchain Node Reaches 100%?
- Why Can't I Log In to the Blockchain Management Console?
- BCS.4009100: System Error
- How Can I Obtain Private Keys and Certificates for Enhanced Hyperledger Fabric Blockchains?
- Why Does Chaincode Instantiation Fail When I Deploy a Fabric v1.4 Instance Using a v1.19 CCE Cluster?
- Can All Blocks Be Saved As More and More Blocks Are Created?
-
What Can I Do If I Fail to Purchase a BCS Instance?
- General Checks
-
Detailed Checks
- CCE Cluster Quota Used Up
- Failed to Create a Cluster
- Failed to Create a PVC
- Cluster Already In Use
- SFS Turbo File System Quota Exceeded
- No EIP Bound
- CCE Is Abnormal
- Cluster Status Is Abnormal
- Subnet Unavailable
- Quick Deployment in Progress
- CCE Status Check Times Out
- Insufficient Master Nodes in the AZ of the CCE Cluster
-
Abnormal Instance Statuses
- What Can I Do If a BCS Instance Is in the Abnormal State?
- What Can I Do If a BCS Instance Is in the Unknown State?
- What Can I Do If a BCS Instance Is in the EIP abnormal State?
- What Can I Do If a BCS Instance Is in the Frozen or Cluster frozen State?
- What Can I Do If the BCS Instance and the peer-xxx StatefulSet Are Abnormal After an Organization or a Peer Is Added?
- Other Issues
-
Consultation
- Chaincode Management
- Data Storage to the Blockchain
- Demos and APIs
- O&M and Monitoring
- Consortium Management
-
Enhanced Hyperledger Fabric
- Videos
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Service Overview
- Managing Enhanced Hyperledger Fabric Instances
-
FAQs
-
BCS FAQs
-
Instance Management
-
Consultation
- How Do I Determine Whether a Blockchain Is Necessary?
- What Underlying Framework Is Used for BCS?
- What Competitive Advantages Does BCS Have?
- What Are the Specifications of VMs to Be Created for BCS?
- What Are the Differences Between Channel Isolation and Privacy Protection?
- How Well Does BCS Perform?
- When Do I Need to Hibernate or Wake an Instance?
-
Service Usage
- How Do I Check Whether the ICAgent Is Installed for the Cluster?
- What Can I Do If I Can't Open the Blockchain Management Console?
- What Should I Do If My BCS Instance Remains in the Creating State?
- What Should I Do If a Peer Restarts Frequently with the Error Message "PanicDB not exist"?
- What Can I Do If the CPU Usage of a Blockchain Node Reaches 100%?
- Why Can't I Log In to the Blockchain Management Console?
- BCS.4009100: System Error
- How Can I Obtain Private Keys and Certificates for Enhanced Hyperledger Fabric Blockchains?
- Can All Blocks Be Saved As More and More Blocks Are Created?
- Abnormal Instance Statuses
- Other Issues
-
Consultation
- Chaincode Management
- Data Storage to the Blockchain
- Demos and APIs
- O&M and Monitoring
- Consortium Management
-
Instance Management
-
BCS FAQs
- Change History
- Developer Guide (ME-Abu Dhabi Region)
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Show all
Copied.
Permissions Management
If you need to assign different permissions to employees in your enterprise to access your BCS resources, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your Huawei Cloud resources.
With IAM, you can use your Huawei Cloud account to create IAM users, and assign permissions to the users to control their access to specific resources. For example, some software developers in your enterprise need to use BCS resources but should not be allowed to delete the resources or perform any other high-risk operations. In this scenario, you can create IAM users for the software developers and grant them only the permissions required for using BCS resources. For details about permission management and configuration, see Permissions Management for enhanced Hyperledger Fabric.
If your Huawei Cloud account does not require individual IAM users for permissions management, skip this section.
IAM is free of charge. You pay only for the resources you use.
You can grant users permissions by using roles and policies.
- Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to grant permissions, you also need to assign other roles on which the permissions depend to take effect. However, roles are not an ideal choice for fine-grained authorization and secure access control.
- Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization, meeting requirements for secure access control. For example, you can grant ECS users only the permissions for managing a certain type of ECSs.
Enhanced Hyperledger Fabric
By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.
BCS is a project-level service deployed and accessed in specific physical regions. To assign BCS permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. Switch to a region where you have been authorized to access BCS.
Table 1 lists the system-defined policy supported by enhanced Hyperledger Fabric.
|
Role/Policy Name |
Description |
Type |
Dependency |
|---|---|---|---|
|
BCS Administrator |
Full operation permissions for enhanced Hyperledger Fabric BCS |
System-defined role |
Tenant Guest, Server Administrator, ELB Administrator, SFS Administrator, SWR Admin, APM FullAccess, AOM FullAccess, CCE Administrator, VPC Administrator, EVS Administrator, and CCE Cluster Admin |
|
BCS Fabric FullAccess |
Full permissions for enhanced Hyperledger Fabric BCS |
System-defined policy |
None |
|
BCS Fabric ReadOnlyAccess |
Read-only permissions for enhanced Hyperledger Fabric BCS |
System-defined policy |
None |
- BCS Fabric FullAccess content:
{ "Version": "1.1", "Statement": [ { "Action": [ "bcs:fabric*:*", "cce:*:*", "ecs:*:*", "evs:*:*", "vpc:*:*", "elb:*:*", "aom:*:*", "apm:*:*", "rds:*:*", "dms:*:*", "sfs:*:*", "sfsturbo:*:*", "cloudIDE:*:*" ], "Effect": "Allow" } ] } - BCS Fabric ReadOnlyAccess content:
{ "Version": "1.1", "Statement": [ { "Action": [ "bcs:fabric*:get*", "bcs:fabric*:list*", "cce:*:get*", "cce:*:list*", "ecs:*:get*", "ecs:*:list*", "evs:*:get*", "evs:*:list*", "vpc:*:get*", "vpc:*:list*", "elb:*:get*", "elb:*:list*", "aom:*:get*", "aom:*:list*", "apm:*:get*", "apm:*:list*", "rds:*:get*", "rds:*:list*", "dms:*:get*", "dms:*:list*", "sfs:*:get*", "sfsturbo:*:get*", "cloudIDE:*:get*", "cloudIDE:*:list*" ], "Effect": "Allow" } ] }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
