Permission Management
ESM Permissions
New IAM users have no permissions by default. Add them to one or more groups, then attach policies or roles to those groups to grant specific operation permissions on cloud services.
You can grant permissions by using a role or a policy.
- Roles: A coarse-grained IAM authorization strategy that assigns permissions based on user responsibilities. IAM provides a limited number of roles for permission management. When you grant permissions using a role, you also need to assign the other roles on which those permissions depend. Roles are not an ideal choice for fine-grained authorization and secure access control.
- Policies: A fine-grained authorization tool that defines permissions for operations on specific cloud resources under certain conditions. This mechanism enables more flexible authorization and meets secure access control requirements. Most policies define permissions based on APIs. For API actions supported by ESM, see ESM policies and supported actions.
Table 1 lists all the system policies supported by ESM.
| Policy | Description | Type | Suggestion |
|---|---|---|---|
| ESM FullAccess | Administrator permission on all ESM functions | System policy | Assign this policy to administrators who create or deregister tenants. |
| ESM ReadOnlyAccess | Read-only permission on ESM | System policy | Assign this policy to administrators who use dashboards. |
Supported Actions
Actions supported by a system policy vary depending on APIs in use.
- Permissions: statements in a policy that allow or deny certain operations
- Actions: actions supported by system policies
| Policy | Permission | Action |
|---|---|---|
| ESM FullAccess | HCS Online site management | esm:hcso:get, esm:hcso:list, esm:hcso:update |
| | HCS Online tenant management | esm:hcsoTenant:create, esm:hcsoTenant:delete, esm:hcsoTenant:get, esm:hcsoTenant:list, esm:hcsoTenant:update, esm:hcsoTenantOwnerUser:create, esm:hcsoTenantOwnerUser:update |
| | HCS Online project query | esm:hcsoProject:list |
| | Quota management | esm:hcsoQuota:get, esm:hcsoQuota:update |
| | Visualization | esm:hcsoDashboard:use |
| | Alarm notification management | esm:hcsoDashboard:create, esm:hcsoDashboard:get, esm:hcsoDashboard:delete, esm:hcsoDashboard:update, esm:hcsoDashboard:list |
| | Logo update | esm:DashboardLogo:put |
| ESM ReadOnlyAccess | Read-only for HCS Online sites | esm:hcso:get, esm:hcso:list |
| | Read-only for HCS Online tenants | esm:hcsoTenant:get, esm:hcsoTenant:list |
| | HCS Online project query | esm:hcsoProject:list |
| | Read-only quota | esm:hcsoQuota:get |
| | Visualization | esm:hcsoDashboard:use |
| | Read-only alarm notification | esm:hcsoDashboard:get, esm:hcsoDashboard:list |
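
As an added example (not part of the ESM documentation), the following Python check reports which actions in a custom policy go beyond ESM ReadOnlyAccess, using the action lists from the table above. It assumes the policy uses a JSON layout with `Statement`, `Effect` and `Action` keys, `*` wildcards in actions, and Deny taking precedence over Allow; the sample policy is constructed.

```python
import json
from fnmatch import fnmatchcase

# Action lists copied from the two policy rows of the table above.
# esm:hcsoDashboard:use is read-only per the table, so a "get/list suffix"
# heuristic would misclassify it; the sets are used instead.
READ_ONLY = set("""esm:hcso:get esm:hcso:list esm:hcsoTenant:get
esm:hcsoTenant:list esm:hcsoProject:list esm:hcsoQuota:get
esm:hcsoDashboard:use esm:hcsoDashboard:get esm:hcsoDashboard:list""".split())
FULL = READ_ONLY | set("""esm:hcso:update esm:hcsoTenant:create
esm:hcsoTenant:delete esm:hcsoTenant:update esm:hcsoTenantOwnerUser:create
esm:hcsoTenantOwnerUser:update esm:hcsoQuota:update esm:hcsoDashboard:create
esm:hcsoDashboard:delete esm:hcsoDashboard:update esm:DashboardLogo:put""".split())

def audit(policy_json):
    """Return (actions granted beyond ReadOnlyAccess, unrecognised esm patterns)."""
    allowed, denied, unknown = set(), set(), []
    for stmt in json.loads(policy_json).get("Statement", []):
        patterns = stmt.get("Action", [])
        if isinstance(patterns, str):
            patterns = [patterns]
        for pat in patterns:
            # Expand wildcards against the actions listed on this page.
            hits = {a for a in FULL if fnmatchcase(a, pat)}
            if not hits and pat.startswith("esm:"):
                unknown.append(pat)  # typo or an action not in the table
            # Anything that is not an explicit Deny is treated as a grant,
            # so the audit over-reports rather than under-reports.
            (denied if stmt.get("Effect") == "Deny" else allowed).update(hits)
    effective = allowed - denied  # assumption: explicit Deny overrides Allow
    return sorted(effective - READ_ONLY), unknown

# Constructed sample: a "dashboard operator" policy that is broader than intended.
SAMPLE = json.dumps({
    "Version": "1.1",
    "Statement": [
        {"Effect": "Allow", "Action": ["esm:hcso:*", "esm:hcsoTenant:get",
                                       "esm:hcsoDashboard:*", "esm:hcsoQuota:set"]},
        {"Effect": "Deny", "Action": ["esm:hcsoDashboard:delete"]},
    ],
})

if __name__ == "__main__":
    extra, unknown = audit(SAMPLE)
    print("Beyond read-only:", extra)
    print("Unrecognised:", unknown)
```

An empty first list means the policy stays within the ESM ReadOnlyAccess action set; entries in the second list are patterns that match no action in the table and should be reviewed by hand.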