检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Region-specific projects: IAM users will be able to use resources in the selected region-specific projects based on assigned permissions. Enterprise projects: IAM users will be able to use resources in the selected enterprise projects based on assigned permissions.
With IAM, you can use your HUAWEI CLOUD account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types.
Username/Project Name If you select User, enter the IAM username when adding a user to the database. NOTE: The username is an existing IAM user name and has logged in to the DLI management console. If you select Project, select the project to be authorized in the current region.
HetuEngine does not support IAM user authorization and requires resource authorization provided by the DLI console. Solution Grant users the permission to create tables by referring to Managing Database Permissions. Parent topic: DLI Permissions Management
IAM Identity and Access Management (IAM) authenticates access to DLI. For details about related operations, see Creating an IAM User and Granting Permissions and Creating a Custom Policy. CTS Cloud Trace Service (CTS) audits performed DLI operations.
Set Username to the name of the desired IAM user, and select the required permissions for the user. Click OK to. Table 1 describes the related parameters.
You can create policies in IAM to manage DLI permissions. You can use both the DLI's permission control mechanism and the IAM service for permission management.
With CTS, you can monitor high-risk and sensitive operations related to IAM in real time. If you perform such an operation when using DLI, CTS sends a notification to subscribers.
NOTE: The username is the name of an existing IAM user. Click OK. Parent topic: Managing Program Packages of Jar Jobs
IAM provides a set of DLI predefined condition keys. The following table lists the predefined condition keys of DLI.
{Endpoint} indicates the endpoint of IAM, which can be obtained from Regions and Endpoints. { "projects": [ { "domain_id": "65382450e8f64ac0870cd180d14e684b", "is_domain": false, "parent_id": "65382450e8f64ac0870cd180d14e684b",
To obtain the IAM endpoint and region name in the message body, see Regions and Endpoints. An example request message is as follows: Replace content in italic in the sample code with the actual values.
With IAM, you can use your HUAWEI CLOUD account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types.
DLI jobs must be set and modified by the main account as IAM users do not have required permissions. You cannot view the logs for DLI jobs before configuring a bucket.
DLI jobs must be set and modified by the main account as IAM users do not have required permissions. You cannot view the logs for DLI jobs before configuring a bucket.
On the API Credentials page, obtain the account name, account ID, IAM username, and IAM user ID, and obtain the project and its ID from the project list. - Click Test to check whether the parameters are correctly configured.
Function Description Phase Documentation 1 IAM fine-grained authorization DLI supports fine-grained authorization through IAM. Commercial use Creating a Custom Policy 2 Support for Flink 1.10 DLI supports Flink 1.10. Commercial use Apache Flink Documentation March 2020 No.
DLI jobs must be set and modified by the main account as IAM users do not have required permissions. You cannot view the logs for DLI jobs before configuring a bucket.
When using a token for authentication, cache it to prevent frequently calling the IAM API.
IAM policies prioritize deny permissions over allow permissions, which means that even if there are allow permissions, the presence of deny permissions will result in authorization failure. Solution Find the DLI job bucket on the OBS management console.
