IAM-based Permissions Management
If you need to assign different permissions to employees in your enterprise to access your CodeArts Check resources, you can use Identity and Access Management (IAM) to manage fine-grained permissions. IAM provides identity authentication, fine-grained permissions management, and access control. IAM helps you secure access to your Huawei Cloud resources. If your HUAWEI ID does not require IAM for permissions management, you can skip this section.
IAM is a free service. You only pay for the resources in your account.
With IAM, you can control access to specific Huawei Cloud resources. For example, you can grant the CodeArts Check use permission to software developers while disabling their permissions to delete CodeArts Check resources or perform high-risk operations.
IAM supports identity policy-based authorization. For details, see Table 1.
|
Authorization Model |
Core Relationship |
Permissions |
Authorization Method |
Scenario |
|---|---|---|---|---|
|
Identity policy |
User-policy |
|
|
You can authorize a user by attaching an identity policy to it. User-specific authorization and a variety of key conditions allow for more fine-grained permissions control. However, this model can be hard to set up. It requires a certain amount of expertise and is suitable for medium- and large-sized enterprises. |
For example, the administrator needs to create one custom identity policy, configure the condition key g:RequestedRegion for the policy, and then attach the policy to the users or grant the users the permissions. This permission configuration mode is more fine-grained and flexible.
Identity Policy-based Authorization
CodeArts Check supports identity policy-based authorization. Table 2 lists all system-defined identity policies for CodeArts Check.
|
Identity Policy Name |
Description |
Type |
|---|---|---|
|
CodeArtsCheckReadOnlyPolicy |
Read-only permission for CodeArts Check |
System-defined identity policies |
|
CodeArtsCheckFullAccessPolicy |
Full permissions for CodeArts Check |
System-defined identity policies |
Table 3 lists common operations supported by system-defined identity policies of CodeArts Check.
|
Operation |
CodeArtsCheckReadOnlyPolicy |
CodeArtsCheckFullAccessPolicy |
|---|---|---|
|
Viewing task |
√ |
√ |
|
Viewing task report |
√ |
√ |
|
Viewing rule set |
√ |
√ |
|
Viewing rule |
√ |
√ |
|
Viewing project-level configuration |
√ |
√ |
|
Viewing tenant-level configuration |
√ |
√ |
|
Creating task |
× |
√ |
|
Updating task |
× |
√ |
|
Deleting task |
× |
√ |
|
Executing task |
× |
√ |
|
Updating task report status |
× |
√ |
|
Creating rule set |
× |
√ |
|
Updating rule set |
× |
√ |
|
Deleting rule set |
× |
√ |
|
Setting default rule set for project |
× |
√ |
|
Creating custom rule |
× |
√ |
|
Updating custom rule |
× |
√ |
|
Deleting custom rule |
× |
√ |
|
Modifying project-level configuration |
× |
√ |
|
Modifying tenant-level configuration |
× |
√ |
|
Viewing task list of project |
√ |
√ |
|
Viewing task list of all projects |
√ |
√ |
|
Viewing rule set list |
√ |
√ |
|
Viewing rule list |
√ |
√ |
Helpful Links
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
