检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
However, the IAM user who runs the Flink SQL job does not have the OBS write permission. Solution Log in to the IAM console, search for the IAM user who runs the job in the upper left corner of the Users page.
Creating an IAM User and Granting Permissions To manage fine-grained permissions for your DLI resources using IAM, create an IAM user and grant them permissions to DLI if you are an enterprise user. For details, see Creating an IAM User and Granting Permissions.
Create a user group on the IAM console, and assign the DLI ReadOnlyAccess permission to the group. Create an IAM user. Create a user on the IAM console and add the user to the group created in 1. Log in and verify permissions.
IAM authentication: See "Application Scenarios of IAM Authentication" in Permissions Management. LakeFormation metadata permissions management See Connecting DLI to LakeFormation. Parent topic: Using Delta to Develop Jobs in DLI
Preparations Configuring DLI Agency Permissions Creating an IAM User and Granting Permissions Configuring a DLI Job Bucket
Check IAM permissions.
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
Create IAM users. Alternatively, create IAM users to execute different types of jobs. For how to create IAM users, see Creating an IAM User. In addition, DLI also provides job management functions, including editing, starting, stopping, deleting, exporting, and importing jobs.
Figure 1 Granting permissions of a global variable to a user Table 2 Global variable parameters Parameter Description Username Name of the IAM user who is granted permissions NOTE: This username must be an existing IAM username.
So, the permissions contained in the IAM ReadOnlyAccess policy are required. IAM ReadOnlyAccess is a global policy. Make sure you select this policy.
Table 2 Permissions contained in the dli_management_agency agency Policy Description IAM ReadOnlyAccess To authorize IAM users who have not logged in to DLI, you need to obtain their information. So, the permissions contained in the IAM ReadOnlyAccess policy are required.
DLI supports importing data from OBS buckets shared by IAM users under the same tenant, but not from OBS buckets shared by other tenants. This ensures data security and isolation.
Username/Project If you select User, enter the IAM username when granting table permissions to the user. NOTE: The username is an existing IAM user name and has logged in to the DLI management console.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Granting permissions on packages Figure 2 Granting permissions on package groups Table 2 Permission parameters Parameter Description Username Name of the authorized IAM user. NOTE: The username is the name of an existing IAM user.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview. DLI Permissions By default, new IAM users do not have permissions assigned.
For security purposes, create IAM users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
IAM is free to use, and you only need to pay for the resources in your account. For more information about IAM, see the IAM Service Overview. If your Huawei Cloud account does not need individual IAM users for permissions management, skip over this section.
System-defined policy For details about the authorization mode, see Creating an IAM User and Granting Permissions, Creating an IAM User, and Policies. DLI ReadOnlyAccess Read-only permissions for DLI.
Figure 1 Granting permissions on datasource connections Table 1 Permission granting parameters Parameter Description Username Name of the IAM user to whom permissions on the datasource connection are to be granted. NOTE: The username is the name of an existing IAM user.
