检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Figure 2 Getting permissions Authorization on IAM Log in to the IAM console. In the navigation pane, choose Permissions > Policies/Roles. On the displayed page, click Create Custom Policy. Create a permission policy for the subuser to view DLI Flink jobs.
Region-specific projects: IAM users will be able to use resources in the selected region-specific projects based on assigned permissions. Enterprise projects: IAM users will be able to use resources in the selected enterprise projects based on assigned permissions.
With IAM, you can use your HUAWEI CLOUD account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types.
Username/Project Name If you select User, enter the IAM username when adding a user to the database. NOTE: The username is an existing IAM user name and has logged in to the DLI management console. If you select Project, select the project to be authorized in the current region.
HetuEngine does not support IAM user authorization and requires resource authorization provided by the DLI console. Solution Grant users the permission to create tables by referring to Managing Database Permissions. Parent topic: DLI Permissions Management
IAM Identity and Access Management (IAM) authenticates access to DLI. For details about related operations, see Creating an IAM User and Granting Permissions and Creating a Custom Policy. CTS Cloud Trace Service (CTS) audits performed DLI operations.
Set Username to the name of the desired IAM user, and select the required permissions for the user. Click OK to. Table 1 describes the related parameters.
You can create policies in IAM to manage DLI permissions. You can use both the DLI's permission control mechanism and the IAM service for permission management.
With CTS, you can monitor high-risk and sensitive operations related to IAM in real time. If you perform such an operation when using DLI, CTS sends a notification to subscribers.
NOTE: The username is the name of an existing IAM user. Click OK. Parent topic: Managing Program Packages of Jar Jobs
IAM provides a set of DLI predefined condition keys. The following table lists the predefined condition keys of DLI.
With IAM, you can use your HUAWEI CLOUD account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types.
You have granted the IAM user the IAM and LakeFormation permissions. For details, see IAM authorization in SQL job scenarios. A shared secret has been created on the DEW console and the secret value has been stored. For details, see Creating a Shared Secret.
{Endpoint} indicates the endpoint of IAM, which can be obtained from Regions and Endpoints. { "projects": [ { "domain_id": "65382450e8f64ac0870cd180d14e684b", "is_domain": false, "parent_id": "65382450e8f64ac0870cd180d14e684b",
DLI jobs must be set and modified by the main account as IAM users do not have required permissions. You cannot view the logs for DLI jobs before configuring a bucket.
DLI jobs must be set and modified by the main account as IAM users do not have required permissions. You cannot view the logs for DLI jobs before configuring a bucket.
On the API Credentials page, obtain the account name, account ID, IAM username, and IAM user ID, and obtain the project and its ID from the project list. - Click Test to check whether the parameters are correctly configured.
Deny", "Action": [ "iam:agencies:update*", "iam:agencies:delete*", "iam:agencies:create*" ] } ] } Step 6: Create a Notebook Instance in the DLI Elastic Resource Pool On the DLI elastic resource pool
Function Description Phase Documentation 1 IAM fine-grained authorization DLI supports fine-grained authorization through IAM. Commercial use Creating a Custom Policy 2 Support for Flink 1.10 DLI supports Flink 1.10. Commercial use Apache Flink Documentation March 2020 No.
When using a token for authentication, cache it to prevent frequently calling the IAM API.
