Sharing
Introduction to Function Sharing
Based on the Resource Access Manager (RAM) service, FunctionGraph allows you to share functions across accounts. Function owners can specify sharing permissions based on the least privilege principle and usage requirements, so that principals can only access functions within permissions. This improves function security. For more information about the RAM service, see What Is RAM?.
If your account is managed by Huawei Cloud Organizations, you can share functions more easily. If your account is in an organization, you can share functions either with individual accounts or with all accounts in the organization or in an organization unit (OU) without having to enumerate each account. For details, see Enabling Sharing with Organizations.
Constraints
The prerequisites and constraints for sharing functions are as follows:
- You must be the function owner. You cannot share the functions shared by others.
- You need to enable Sharing with Organizations to share functions with your organizations or OU. For more information, see Enabling Sharing with Organizations.
- A principal can accept a maximum of 50 shared functions.
Creating a Function Share
The function owner needs to create a resource share on the RAM management console. For details, see Creating a Resource Share.
- To specify resource share details, set the Resource Type to functiongraph:function.
- After the function share is created, principals need to accept the share invitation within a specified period before using the functions. For details, see Responding to a Resource Sharing Invitation.
Viewing Share Details
Log in to the FunctionGraph console and choose Functions > Function List > Shared Functions to view functions shared by other accounts.
- If you are a function owner, you can find the corresponding share on the RAM management console based on the share name and view the resource status, permissions, and principals. For details, see Viewing a Resource Share.
- If you are a function principal, you can find the corresponding share on the RAM management console based on the share name and view the resource status, permissions, and owners. For details, see Viewing Resources Shared with You.
Using the Shared Functions
- Return to the FunctionGraph console and choose Functions > Function List > Shared Functions.
- In the list of functions shared by other accounts, click a function name to view and execute the function.
Before using the shared functions, you need to accept the invitation on the RAM management console. For details, see Responding to a Resource Sharing Invitation.
Stopping a Share
- If a function share is no longer needed, the owner can delete it at any time. The shared functions will not be deleted. After a function share is deleted, the specified principals cannot use the functions in the share. For details, see Deleting a Resource Share.
- The owner can update a function share at any time, including updating its name, description, tags, shared functions, permissions, and principals. For details, see Updating a Resource Share.
- You can leave the function share if you do not need it. But the functions in the share will no longer be accessible then.
You can leave a function share only if your account is an individual Huawei Cloud account instead of a part of an organization. For details, see Leaving a Resource Share.
Permissions of Shared Functions
The owner and principal have different operation permissions on shared functions, as shown in Table 1.
Supported Resource Types and Regions
Table 2 lists the resource types that can be shared by FunctionGraph and the regions where the share is supported.
Billing
None.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot