Role/Policy-based Authorization
IAM supports role/policy-based authorization and identity policy-based authorization. For the differences between them, see Introduction.
This section describes the permissions required for calling APIs in role/policy-based authorization.
Overview
DataArts Studio supports only system role-based authorization and does not support policy-based authorization. To implement fine-grained permission control, DataArts Studio provides the capability of granting permissions to system roles and workspace roles. Specific operation permissions are granted to workspace roles, and workspace roles with different permissions can be customized.
To call an API, you must have the required role permissions. (DataArts Studio does not support system-defined policies or custom policies in role/policy-based authorization.)
- DAYU Administrator: instance administrator, who has all management permissions on DataArts Studio instances and workspaces, permissions on dependent services, and all service operation permissions in all workspaces.
- DAYU User + workspace role: common user, who has the permissions to view DataArts Studio instances and workspaces, and the permissions on dependent services. After being assigned a role, the common user has the permissions of that role to perform service operations. Workspace roles include the preset admin, developer, deployer, operator, and viewer. For details about the permissions of each role, see Permissions.
- DataArts Studio User + workspace role + dependent service permissions: common user, who has the permissions to view DataArts Studio instances and workspaces, but does not have the permissions on dependent services. After being assigned a workspace role and the permissions of dependent services, the common user has the permissions of that role to perform service operations. Workspace roles include the preset admin, developer, deployer, operator, and viewer. For details about the permissions of each role, see Permissions.
For example, an IAM user can call the API for querying the DataArts Studio instance list only if the user has been assigned one of the following roles: DAYU Administrator, DAYU User, or DataArts Studio User.
Supported Actions
Actions are not supported in role/policy-based authorization.
DataArts Studio supports system-defined roles (DAYU Administrator, DAYU User, and DataArts Studio User) but does not support system-defined policies or custom policies.