Updated on 2024-12-25 GMT+08:00

Roles

Roles are a coarse-grained authorization strategy that defines permissions by job responsibility. Only a limited number of service-level roles are available for authorization. Roles are not ideal for fine-grained authorization and least privilege access.

Huawei Cloud services often depend on each other. When you grant permissions using roles, you also need to attach any existing role dependencies. For more information, see Assigning Dependency Roles.

Notes and Constraints

Roles cannot be used for permissions assignment in enterprise project authorization.

Role Content

When using roles to assign permissions, you can select a role and click to view the details of the role. This section uses the DNS Administrator role as an example to describe the role content.

Figure 1 Content of the DNS Administrator role
{
    "Version": "1.0",
    "Statement": [
        {
            "Action": [
                "DNS:Zone:*",
                "DNS:RecordSet:*",
                "DNS:PTRRecord:*"
            ],
            "Effect": "Allow"
        }
    ],
    "Depends": [
        {
            "catalog": "BASE",
            "display_name": "Tenant Guest"
        },
        {
            "catalog": "VPC",
            "display_name": "VPC Administrator"
        }
    ]
}

Parameter Description

Table 1 Parameter description

| Parameter | Description | Value |
|---|---|---|
| Version | Role version. | 1.0: indicates role-based access control. |
| Statement > Action | Operations to be performed on the service. | Format: "Service name:Resource type:Operation". DNS:Zone:*: Permissions for performing all operations on Domain Name Service (DNS) zones. |
| Statement > Effect | Determines whether to allow or deny the operations defined in the action. | Allow or Deny. NOTE: If an action has both Allow and Deny effects, the Deny effect takes precedence. |
| Depends > catalog | Name of the service to which a dependency role belongs. | Service name. Example: BASE and VPC. |
| Depends > display_name | Name of the dependency role. | Role name. |

NOTE:

When you assign the DNS Administrator role to a user group, you also need to assign the Tenant Guest and VPC Administrator roles to the group for the same project.

For more information about dependencies, see System-defined Permissions.
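The following is an added example, not code from Huawei Cloud: it checks a user group's assigned roles for missing Depends entries and evaluates an action with Deny taking precedence over Allow. The field-by-field wildcard matching, the DENY_ZONE_DELETE role, the sample operation names, and the "NoMatch" result are assumptions made for illustration.

```python
# Added example: dependency and Deny-precedence checks for role content.
DNS_ADMIN = {  # role content from Figure 1
    "Version": "1.0",
    "Statement": [{"Action": ["DNS:Zone:*", "DNS:RecordSet:*", "DNS:PTRRecord:*"],
                   "Effect": "Allow"}],
    "Depends": [{"catalog": "BASE", "display_name": "Tenant Guest"},
                {"catalog": "VPC", "display_name": "VPC Administrator"}],
}
# Constructed role content (not a real system role); "delete" is a sample operation name.
DENY_ZONE_DELETE = {
    "Version": "1.0",
    "Statement": [{"Action": ["DNS:Zone:delete"], "Effect": "Deny"}],
}


def matches(pattern, action):
    """Assumed rule: compare the three colon-separated fields; '*' matches any value."""
    p, a = pattern.split(":"), action.split(":")
    return len(p) == len(a) and all(x == "*" or x == y for x, y in zip(p, a))


def missing_dependencies(role, assigned_role_names):
    """Return (catalog, display_name) of dependency roles the group does not have yet."""
    return [(d["catalog"], d["display_name"]) for d in role.get("Depends", [])
            if d["display_name"] not in assigned_role_names]


def evaluate(roles, action):
    """Return 'Deny' if any statement denies the action, else 'Allow' if one allows it."""
    decision = "NoMatch"  # no statement mentions the action
    for role in roles:
        for stmt in role["Statement"]:
            if any(matches(pat, action) for pat in stmt["Action"]):
                if stmt["Effect"] == "Deny":
                    return "Deny"  # Deny takes precedence, regardless of order
                decision = "Allow"
    return decision


if __name__ == "__main__":
    group = {"DNS Administrator", "Tenant Guest"}  # constructed assignment
    print("missing:", missing_dependencies(DNS_ADMIN, group))
    print(evaluate([DNS_ADMIN, DENY_ZONE_DELETE], "DNS:Zone:delete"))
```

Running the dependency check against each group's assignments before granting a role shows which additional roles, and therefore which additional permissions, the grant pulls in.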