Identity Authentication and Access Control
IAM Identity Authentication
Workspace enables fine-grained permission management via IAM, providing identity authentication, role assignment, and access control for secure resource access.
You can use your account to create IAM users, and assign permissions to the IAM users to control their access to specific resources. IAM permissions define which actions are allowed or denied on your cloud resources.
- For details about permission management, see Permissions.
- For details about Workspace permissions, see Creating an IAM User and Granting Permissions to Use Workspace.
- For details about custom policies, see Workspace Custom Policies
Project and Enterprise Project
You can group, manage, and isolate resources by project or enterprise project to control resource access and manage permissions by organization like enterprise, department, or project team.
- Project
Projects in IAM are used to group and isolate resources. Resources in your account must be mounted under projects. A project can be a department or a project team. Multiple projects can be created in one account.
- Enterprise Project
Enterprise projects are used to categorize and manage multiple resources. Resources in different regions can belong to one enterprise project. An enterprise can classify resources by department or project group and put relevant resources into one enterprise project for easy management. Resources can be migrated between enterprise projects.
- Differences Between Projects and Enterprise Projects
- IAM Project
IAM projects can group and physically isolate resources. Resources cannot be transferred between IAM projects. They can only be deleted and then provisioned again.
- Enterprise Project
Enterprise projects provide more advanced functions than IAM projects and can be used to group and manage resources of different IAM projects of an enterprise. An enterprise project can contain resources in more than one region, and resources can be transferred between enterprise projects. If you have enabled enterprise management, you cannot create IAM projects anymore and can only manage existing projects. In the future, enterprise projects will replace IAM projects.
Both projects and enterprise projects can be managed by one or more user groups. Users who manage enterprise projects are in user groups. After a policy is granted to a user group, users in the group can obtain the permissions defined in the policy in the project or enterprise project.
For details about how to create an enterprise project and assign permissions, see Enterprise Projects.
- IAM Project
Access Control
- VPC
Virtual Private Cloud (VPC) allows you to provision logically isolated virtual networks for Workspace. You can define security groups, virtual private networks (VPNs), IP address segments, and bandwidth for a VPC. This facilitates internal network configuration and management and allows you to change your network in a secure and convenient network manner. You can also define rules to control communications between cloud desktops in the same security group or across different security groups.
- Security Group
A security group is a collection of access control rules for Workspace that has the same security requirements and are mutually trusted. You can define different access control rules for a security group, and these rules are then applied to Workspace added to this security group.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
