IAM provides the following two authorization mechanisms: Note that DataArts Studio supports only the IAM role-based authorization and does not support the IAM policy-based authorization.
For details, see Authorizing dlg_agency. dws:dbAuthority:syncIamUse iam:users:listUsers iam:groups:listGroups iam:users:listUsersForGroup GaussDB(DWS) does not support user groups.
With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing DataArts Studio resources.
APIs using the IAM authentication mode can be authorized only to apps of the IAM type. IAM: APIs using IAM authentication can be authorized to apps of this type. The name of an app of the IAM type is fixed at a Huawei account.
To ensure that the IAM user permissions are normal, the user group to which the IAM user belongs must be assigned the DAYU User or DAYU Administrator role on the IAM console.
Authorizing an API Which Uses IAM Authentication Through a Whitelist
APIs which use IAM authentication support two authorization modes: app of the IAM type and whitelist.
Why Can't I Select a Specified IAM Project When Purchasing a DataArts Studio Instance?
Check whether the current account has enabled the enterprise project function. The enterprise project and IAM project cannot be enabled at the same time.
Using an API Tool to Call an API Which Uses IAM Authentication
Before calling an API which uses IAM authentication, call the IAM API for obtaining a user token to obtain the token, which can be used for security authentication.
For example, in the URI of the IAM API for creating an IAM user, the request method is POST.
If you want to allow another IAM user with the DAYU User permission to use your DataArts Studio instance, create an IAM user by referring to Creating an IAM User and Assigning DataArts Studio Permissions, and add the user as the workspace member and configure a role for the user by
CDM can be shared with IAM users of the same tenant through authorization. To authorize an IAM user, perform the following steps:
Create a user group and assign permissions
Create a user group on the IAM console, and attach the CDM ReadOnlyAccess policy to the group.
Solution
Check whether the permissions of the current user in IAM are changed, whether the user is removed from the user group, or whether the permission policy of the user group to which the user belongs is changed. If they are indeed changed, log in to the system again.
If you want to share a DataArts Studio instance with an IAM user with the DAYU User account permissions, prepare an IAM user by referring to Creating an IAM User and Assigning DataArts Studio Permissions, add the user as a workspace member, and assign a role to the member.
Constraints
An IAM user can pass the authentication and access DataArts Studio through an API or SDK only if Programmatic access is selected for Access Type during the creation of the IAM user.
IAM iam:agencies:listAgencies Obtain job agencies.
On the API Credentials page, obtain the account name, account ID, IAM username, and IAM user ID, and obtain the project and its ID from the project list.
Obtaining a Project ID by Calling an API
You can obtain the project ID by calling the API to query project information.
Configuring Workspace Resource Permission Policies
This section describes how to use workspace resource permission policies to implement refined permission control on all the data connections and IAM agencies (only those whose agency object is DGC) in the Management Center based on
APIs using the IAM authentication can be authorized only to apps of the IAM type.
Authorizing an API to Apps
An API that uses app or IAM authentication can be called only after it is authorized. Authorization can be performed by an API developer or an API caller.