检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating an IAM User and Granting SFS Turbo Permissions This section describes how to use IAM to implement fine-grained permissions control for your SFS Turbo resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Released in: all regions Creating an SFS Turbo File System Permissions Management SFS Turbo uses IAM to manage permissions. You can use IAM custom policies to grant IAM users fine-grained SFS Turbo permissions to control the read and write permissions of file systems.
Configuring Network Passthrough Between ModelArts and SFS Turbo Creating an Agency to Authorize ModelArts to Use SFS Turbo Log in to the IAM console as the IAM administrator. In the navigation pane on the left, choose Permissions > Policies/Roles.
An IAM user assigned the SFS Turbo ReadOnlyAccess policy does not need to have the VPC ReadOnlyAccess policy assigned explicitly. Procedure Log in to the SFS Turbo console. In the file system list, view the file systems you have created.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
An IAM user assigned the SFS Turbo Full Access policy does not need to have the VPC FullAccess policy assigned explicitly. To create yearly/monthly file systems, the BSS Administrator policy is required.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
When employees in your enterprise need to use SFS Turbo, the enterprise administrator can use IAM to create users and control these users' permissions on enterprise resources.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
If the permissions granted to an IAM user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
You can use IAM to securely control access to your SFS Turbo resources. Table 1 SFS Turbo access control Method Description Reference Permissions control IAM permissions IAM permissions define which actions on your cloud resources are allowed or denied.
The token obtained from IAM is valid for only 24 hours. If you want to use one token for authentication, you can cache it to avoid frequently calling.
SFS Turbo Actions Lifecycle Management Permission API Action Dependencies IAM Project (Project) Enterprise Project (Enterprise Project) Creating a File System POST /v1/{project_id}/sfs-turbo/shares sfsturbo:shares:createShare Creating an SFS Turbo file system requires VPC-related
Obtaining Access Keys (AK/SK) To access SFS using access keys as an IAM user, the programmatic access must be enabled. For details, see Viewing or Modifying IAM User Information. When calling an API, you need to use the AK/SK to verify the signature.
Permissions Management Creating an IAM User and Granting SFS Turbo Permissions Creating a Custom Policy Managing SFS Turbo File System Permissions
IAM projects/Enterprise projects: Authorization scope of custom policies, which can be IAM projects, enterprise projects, or both.
All Permissions SFS Turbo uses Identify and Access Management (IAM) for permissions management. You can control the read and write permissions of file systems by granting IAM users fine-grained SFS Turbo permissions using IAM custom policies.
name "password": "********", // IAM user password "domain": { "name": "domainname" //Name of the account to which the IAM user belongs } } } }, "scope"
With IAM, you can use your HUAWEI ID to create IAM users, and assign permissions to the users to control their access to specific resources.
