Roles
Roles are a type of coarse-grained authorization mechanism that defines service-level permissions based on user responsibilities. IAM provides a limited number of roles for permissions management.
Huawei Cloud services interwork with each other. Roles of some services take effect only if they are assigned along with roles of other services. For more information, see Assigning Dependency Roles.
Notes and Constraints
Roles cannot be used for permissions assignment in enterprise project authorization.
Role Content
When using roles to assign permissions, you can select a role and click to view the details of the role. This section uses the DNS Administrator role as an example to describe the role content.
{ "Version": "1.0", "Statement": [ { "Action": [ "DNS:Zone:*", "DNS:RecordSet:*", "DNS:PTRRecord:*" ], "Effect": "Allow" } ], "Depends": [ { "catalog": "BASE", "display_name": "Tenant Guest" }, { "catalog": "VPC", "display_name": "VPC Administrator" } ] }
Parameter Description
Parameter |
Description |
Value |
|
---|---|---|---|
Version |
Role version. |
1.0: indicates role-based access control. |
|
Statement |
Action |
Operations to be performed on the service. |
Format: "Service name:Resource type:Operation". DNS:Zone:*: Permissions for performing all operations on Domain Name Service (DNS) zones. |
Effect |
Determines whether to allow or deny the operations defined in the action. |
NOTE:
If a role grants both Allow and Deny effects for the same action, the Deny takes precedence. |
|
Depends |
catalog |
Name of the service to which a dependency role belongs. |
Service name. Example: BASE and VPC. |
display_name |
Name of the dependency role. |
Role name.
NOTE:
When you assign the DNS Administrator role to a user group, you also need to assign the Tenant Guest and VPC Administrator roles to the group for the same project. For more information about dependencies, see System Permissions. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot