1. Create a user group on the IAM console, and assign the DLI ReadOnlyAccess permission to the group.
2. Create an IAM user. Create a user on the IAM console and add the user to the group created in 1.
3. Log in and verify permissions.
IAM is free to use, and you only need to pay for the resources in your account. For more information about IAM, see the IAM Service Overview. If your Huawei Cloud account does not need individual IAM users for permissions management, skip over this section.
Creating an IAM User and Granting Permissions
If you are an enterprise user, create an IAM user and grant them permissions to DLI to manage fine-grained permissions for your DLI resources using IAM. For details, see Creating an IAM User and Granting Permissions.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.
DLI Permissions
By default, new IAM users do not have permissions assigned.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
DLI supports importing data from OBS buckets shared by IAM users under the same tenant, but not from OBS buckets shared by other tenants. This ensures data security and isolation.
So, the permissions contained in the IAM ReadOnlyAccess policy are required. IAM ReadOnlyAccess is a global policy. Make sure you select this policy.
Create IAM users. Alternatively, create IAM users to execute different types of jobs. For how to create IAM users, see Creating an IAM User. In addition, DLI also provides job management functions, including editing, starting, stopping, deleting, exporting, and importing jobs.
System-defined policy For details about the authorization mode, see Creating an IAM User and Granting Permissions, Creating an IAM User, and Policies. DLI ReadOnlyAccess Read-only permissions for DLI.
Table 2 Permissions contained in the dli_management_agency agency
Policy | Description
IAM ReadOnlyAccess | To authorize IAM users who have not logged in to DLI, you need to obtain their information. So, the permissions contained in the IAM ReadOnlyAccess policy are required.
Check IAM permissions.
Granting permissions on packages
Figure 2 Granting permissions on package groups
Table 2 Permission parameters
Parameter | Description
Username | Name of the authorized IAM user. NOTE: The username is the name of an existing IAM user.
However, the IAM user who runs the Flink SQL job does not have the OBS write permission.
Solution
Log in to the IAM console and, in the upper left corner of the Users page, search for the IAM user who runs the job.
For security purposes, create IAM users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Username/Project: If you select User, enter the IAM username when granting table permissions to the user. NOTE: The username is the name of an existing IAM user who has logged in to the DLI management console.
Figure 2 Granting permissions of a global variable to a user
Table 2 Global variable parameters
Parameter | Description
Username | Name of the IAM user who is granted permissions. NOTE: This username must be an existing IAM username.
Figure 1 Granting permissions on datasource connections
Table 1 Permission granting parameters
Parameter | Description
Username | Name of the IAM user to whom permissions on the datasource connection are to be granted. NOTE: The username is the name of an existing IAM user.
Preparations Configuring DLI Agency Permissions Creating an IAM User and Granting Permissions Configuring a DLI Job Bucket
Figure 2 Getting permissions
Authorization on IAM
Log in to the IAM console. In the navigation pane, choose Permissions > Policies/Roles. On the displayed page, click Create Custom Policy. Create a permission policy for the subuser to view DLI Flink jobs.