Actions Supported by Policies
This section describes the actions supported by DataArts Fabric policies.
Supported Actions
DataArts Fabric provides two types of policies: system-defined policies and custom policies. If system-defined policies do not meet your requirements, you can create custom policies and apply them to user groups for refined access control. The following are related concepts:
- Permissions: Statements in a policy that allow or deny certain operations.
- APIs: REST APIs that can be called in a custom policy.
- Actions: Specific operations that are allowed or denied by a custom policy. You can specify actions in a custom policy to control the permissions of IAM users.
- Related actions: Actions on which a specific action depends to take effect. When assigning permissions for the action to a user, you also need to assign permissions for the related actions.
- IAM projects/Enterprise projects: The authorization scope of a custom policy. Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only. Administrators can check whether an action supports IAM projects or enterprise projects in the action list. For details about the differences between IAM and enterprise projects, see Differences Between IAM and Enterprise Management.
DataArts Fabric supports the following actions in custom policies:
Lifecycle Management
Permission |
API |
Action |
Related Action |
IAM Project (Project) |
Enterprise Project (Enterprise Project) |
---|---|---|---|---|---|
Listing workspaces |
GET /v1/workspaces |
DataArtsFabric:workspace:list |
- |
√ |
√ |
Creating a workspace |
POST /v1/workspaces |
DataArtsFabric:workspace:create |
lakeformation:instance:describe |
√ |
√ |
Modifying a workspace |
PUT /v1/workspaces/{workspace_id} |
DataArtsFabric:workspace:alter |
lakeformation:instance:describe |
√ |
× |
Modifying workspace monitoring configurations |
PUT /v1/workspaces/{workspace_id}/metrics |
DataArtsFabric:workspace:alterMetrics |
- |
√ |
× |
Deleting a workspace |
DELETE /v1/workspaces/{workspace_id} |
DataArtsFabric:workspace:drop |
- |
√ |
× |
Querying compute resources |
GET /v1/workspaces/{workspace_id}/computes |
DataArtsFabric:workspace:listCompute |
- |
√ |
× |
Creating a computing resource |
POST /v1/workspaces/{workspace_id}/computes |
DataArtsFabric:workspace:createCompute |
- |
√ |
× |
Modifying a compute resource |
PUT /v1/workspaces/{workspace_id}/computes/{compute_id} |
DataArtsFabric:workspace:alterCompute |
- |
√ |
× |
Deleting a compute resource |
DELETE /v1/workspaces/{workspace_id}/computes/{compute_id} |
DataArtsFabric:workspace:dropCompute |
- |
√ |
× |
Listing the endpoints of a workspace |
GET /v1/workspaces/{workspace_id}/endpoints |
DataArtsFabric:endpoint:list |
- |
√ |
× |
Creating an endpoint for a workspace |
POST /v1/workspaces/{workspace_id}/endpoints |
DataArtsFabric:endpoint:create |
- |
√ |
× |
Querying the endpoint details of a workspace |
GET /v1/workspaces/{workspace_id}/endpoints/{endpoint_id} |
DataArtsFabric:endpoint:show |
- |
√ |
× |
Modifying an endpoint of a workspace |
PUT /v1/workspaces/{workspace_id}/endpoints/{endpoint_id} |
DataArtsFabric:endpoint:alter |
- |
√ |
× |
Deleting an endpoint of a workspace |
DELETE /v1/workspaces/{workspace_id}/endpoints/{endpoint_id} |
DataArtsFabric:endpoint:drop |
DataArtsFabric:job:listJobInstance DataArtsFabric:service:listInstance |
√ |
× |
Subscribing to a public endpoint |
POST /v1/workspaces/{workspace_id}/endpoints/{endpoint_id}/subscribe |
DataArtsFabric:endpoint:subscribe |
- |
√ |
× |
Listing jobs |
GET /v1/workspaces/{workspace_id}/jobs |
DataArtsFabric:job:list |
- |
√ |
× |
Creating a job |
POST /v1/workspaces/{workspace_id}/jobs |
DataArtsFabric:job:create |
- |
√ |
× |
Querying a job |
GET /v1/workspaces/{workspace_id}/jobs/{job_id}/versions |
DataArtsFabric:job:show |
- |
√ |
× |
Modifying a job |
PUT /v1/workspaces/{workspace_id}/jobs/{job_id} |
DataArtsFabric:job:alter |
- |
√ |
× |
Deleting a job |
DELETE /v1/workspaces/{workspace_id}/jobs/{job_id} |
DataArtsFabric:job:drop |
DataArtsFabric:job:listJobInstance |
√ |
× |
Creating a model |
POST /v1/workspaces/{workspace_id}/models |
DataArtsFabric:model:create |
obs:bucket:HeadBucket obs:bucket:ListBucketVersions obs:bucket:ListAllMyBuckets obs:bucket:ListBucket |
√ |
× |
Listing models |
GET /v1/workspaces/{workspace_id}/models |
DataArtsFabric:model:list |
- |
√ |
× |
Querying a model |
GET /v1/workspaces/{workspace_id}/models/{model_id}/versions |
DataArtsFabric:model:show |
- |
√ |
× |
Deleting a model |
DELETE /v1/workspaces/{workspace_id}/models/{model_id}/versions |
DataArtsFabric:model:drop |
DataArtsFabric:service:listInstance |
√ |
× |
Modifying a model |
PUT /v1/workspaces/{workspace_id}/models/{model_id}/versions |
DataArtsFabric:model:alter |
- |
√ |
× |
Creating a tag |
POST /v1/{project_id}/fabric-workspace/{workspace_id}/tags/create |
DataArtsFabric:workspace:tagResource |
- |
√ |
× |
Deleting a tag |
POST /v1/{project_id}/fabric-workspace/{workspace_id}/tags/delete |
DataArtsFabric:workspace:unTagResource |
- |
√ |
× |
Listing tags |
GET /v1/{project_id}/fabric-workspace/tags |
DataArtsFabric:workspace:listTags |
- |
√ |
× |
Querying tags of a specific resource |
GET /v1/{project_id}/fabric-workspace/{workspace_id}/tags |
DataArtsFabric:workspace:listTagsForResource |
- |
√ |
× |
Listing resources by tag |
POST /v1/{project_id}/fabric-workspace/resource-instances/filter |
DataArtsFabric:workspace:listResourcesByTag |
- |
√ |
√ |
Creating a notification policy |
POST /v1/workspaces/{workspace_id}/messages |
DataArtsFabric:workspace:createMessagePolicy |
iam:agencies:listAgencies iam:roles:listRoles iam:permissions:listRolesForAgency smn:topic:list |
√ |
× |
Listing notification policies |
GET /v1/workspaces/{workspace_id}/messages |
DataArtsFabric:workspace:listMessagePolicy |
- |
√ |
× |
Deleting a notification policy |
DELETE /v1/workspaces/{workspace_id}/messages/{message_policy_id} |
DataArtsFabric:workspace:deleteMessagePolicy |
- |
√ |
× |
Listing running jobs |
GET /v1/workspaces/{workspace_id}/jobs/runs |
DataArtsFabric:job:listJobInstance |
DataArtsFabric:workspace:list |
√ |
× |
Running a job |
POST /v1/workspaces/{workspace_id}/jobs/runs |
DataArtsFabric:job:run |
DataArtsFabric:workspace:list DataArtsFabric:endpoint:show |
√ |
× |
Querying a running job |
GET /v1/workspaces/{workspace_id}/jobs/runs/{run_id} |
DataArtsFabric:job:showJobInstance |
DataArtsFabric:workspace:list DataArtsFabric:endpoint:show |
√ |
× |
Deleting a running job |
DELETE /v1/workspaces/{workspace_id}/jobs/runs/{run_id} |
DataArtsFabric:job:dropJobInstance |
DataArtsFabric:workspace:list DataArtsFabric:endpoint:show |
√ |
× |
Canceling a running job |
POST /v1/workspaces/{workspace_id}/jobs/runs/{run_id}/cancel |
DataArtsFabric:job:cancelJobInstance |
DataArtsFabric:workspace:list DataArtsFabric:endpoint:show |
√ |
× |
Invoking an inference service instance |
POST /v1/workspaces/{workspace_id}/services/instances/{instance_id}/invocations |
DataArtsFabric:model:inference |
DataArtsFabric:workspace:list DataArtsFabric:endpoint:show |
√ |
× |
Listing routes |
GET /v1/workspaces/{workspace_id}/routes |
DataArtsFabric:workspace:listRoute |
DataArtsFabric:workspace:list |
√ |
× |
Querying sessions |
POST /v1/sessions |
DataArtsFabric:workspace:showSession |
- |
√ |
× |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot