Help Center/ Data Encryption Workshop/ Service Overview/ Security/ Identity Authentication and Access Control
Updated on 2022-11-15 GMT+08:00

Identity Authentication and Access Control

Identity Authentication

You can access DEW through the DEW console, APIs, or SDK. Regardless of the access method, requests are sent through the REST APIs provided by DEW.

DEW APIs support multiple types of authentication requests. Take AK/SK as an example. An authenticated request must contain a signature value. The signature value is calculated based on the requestor's access key as the encryption factor and the specific information carried in the request body. OBS supports authentication using an AK/SK pair. It uses AK/SK-based encryption to authenticate requests. For details, see Authentication.

Access Control

  • DEW uses Identity and Access Management (IAM) to implement refined access control. By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. After authorization, the user can perform specified operations on cloud services based on the permissions. For details, see Permission Control.
  • For KMS subservices, you can configure their permissions on the KMS console. You can create grants for other IAM users or accounts to use their CMKs. You can create up to 100 grants on a CMK. For details, see Managing a Grant.