Permissions and Supported Actions
You can use Identity and Access Management (IAM) for fine-grained permissions management of your KooPhone. If your Huawei Cloud account does not need individual IAM users, you can skip this section.
New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and attach policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.
You can grant users permissions by using roles and policies. Roles are provided by IAM to define service-based permissions that match users' job responsibilities. Policies define API-based permissions for operations on specific resources under certain conditions, allowing for more fine-grained, secure access control of cloud resources.
Use policy-based authorization if you want to allow or deny the access to an API.
Each account has all the permissions required to call all APIs, but IAM users must be granted the required permissions. The required permissions are determined by the actions supported by the API. Only users with the policies allowing for those actions can call the API successfully. For example, if an IAM user wants to call an API to query ECSs, the user must be granted the permissions allowing for action ecs:servers:list.
Supported Actions
Table 1 lists all the system roles supported by KooPhone.
|
Role/Policy Name |
Description |
Role Type |
Role Content |
|---|---|---|---|
|
KooPhone Administrator |
Role that has all KooPhone operation rights. Users of this role can have all permissions supported by KooPhone. |
System-defined roles |
|
|
KooPhone ReadOnlyUser |
User who has the read-only permission on KooPhone. |
System-defined roles |
Table 2 lists the common operations supported by system-defined permissions for KooPhone. You can choose proper permissions according to this table.
|
Operation |
KooPhone Administrator |
KooPhone ReadOnlyUser |
|---|---|---|
|
Purchase cloud phones |
√ |
× |
|
View organizations and users details |
√ |
√ |
|
Create organizations |
√ |
× |
|
Add departments |
√ |
× |
|
Add members |
√ |
× |
|
Query cloud phone instances (name and specifications) |
√ |
√ |
|
Set parameters in the instance list |
√ |
× |
|
Restart cloud phone instances |
√ |
× |
|
Power on cloud phone instances |
√ |
× |
|
Power off cloud phone instances |
√ |
× |
|
Renew the service |
√ |
× |
|
Unsubscribe from the service |
√ |
× |
|
Uninstall an application |
√ |
× |
|
Delete cloud phone instances |
√ |
× |
|
Bind/Unbind a user |
√ |
× |
|
Query details about a deployment |
√ |
√ |
|
Upload an application |
√ |
× |
|
Uninstall an application |
√ |
× |
|
Install an application |
√ |
× |
|
Query security control details |
√ |
√ |
|
Enable anti-screen capture |
√ |
× |
|
Disable anti-screen capture |
√ |
× |
|
Enable video watermark |
√ |
× |
|
Disable video watermark |
√ |
× |
|
Delete application blacklists/whitelists in batches |
√ |
× |
|
Create an application blacklist/whitelist |
√ |
× |
|
Enable the application blacklist/whitelist |
√ |
× |
|
Disable the application blacklist/whitelist |
√ |
× |
|
Modify an application blacklist/whitelist |
√ |
× |
|
Delete an application blacklist/whitelist |
√ |
× |
|
Enable encrypted transmission |
√ |
× |
|
Disable encrypted transmission |
√ |
× |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
