检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
With IAM, you can use your HUAWEI CLOUD account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types.
You have granted the IAM user the IAM and LakeFormation permissions. For details, see IAM authorization in SQL job scenarios. A shared secret has been created on the DEW console and the secret value has been stored. For details, see Creating a Shared Secret.
{Endpoint} indicates the endpoint of IAM, which can be obtained from Regions and Endpoints. { "projects": [ { "domain_id": "65382450e8f64ac0870cd180d14e684b", "is_domain": false, "parent_id": "65382450e8f64ac0870cd180d14e684b",
Deny", "Action": [ "iam:agencies:update*", "iam:agencies:delete*", "iam:agencies:create*" ] } ] } Step 6: Create a Notebook Instance in the DLI Elastic Resource Pool Log in to the ModelArts management
DLI jobs must be set and modified by the main account as IAM users do not have required permissions. You cannot view the logs for DLI jobs before configuring a bucket.
DLI jobs must be set and modified by the main account as IAM users do not have required permissions. You cannot view the logs for DLI jobs before configuring a bucket.
On the API Credentials page, obtain the account name, account ID, IAM username, and IAM user ID, and obtain the project and its ID from the project list. - Click Test to check whether the parameters are correctly configured.
Function Description Phase Documentation 1 IAM fine-grained authorization You can mange fine-grained permissions of DLI with IAM. Commercial use Creating a Custom Policy 2 Flink 1.10 DLI now supports Flink 1.10. Commercial use Apache Flink Documentation March 2020 No.
Function Description Phase Documentation 1 IAM fine-grained authorization DLI supports fine-grained authorization through IAM. Commercial use Creating a Custom Policy 2 Support for Flink 1.10 DLI supports Flink 1.10. Commercial use Apache Flink Documentation March 2020 No.
IAM policies prioritize deny permissions over allow permissions, which means that even if there are allow permissions, the presence of deny permissions will result in authorization failure. Solution Find the DLI job bucket on the OBS management console.
When using a token for authentication, cache it to prevent frequently calling the IAM API.
DLI jobs must be set and modified by the main account as IAM users do not have required permissions. You cannot view the logs for DLI jobs before configuring a bucket.
Figure 1 Queue permission granting Table 1 Parameter descriptions Parameter Description Username Name of the user you want to grant permissions to NOTE: The username must be an existing IAM username and has been used to log in to the DLI management console.
Job templates Preset general Flink SQL templates for quick start N/A Enterprise security Configuring access control Permission control streamlined with Huawei Cloud IAM, and role-based access control N/A Space isolation Tenant-level and project-level isolation resources and code for
NOTE: This username must be an existing IAM username. In addition, the user can perform authorization operations only after logging in to the Huawei Cloud platform. Permissions to be granted to the user Select all: All permissions are selected.
Options: CU: compute unit QUEUE: resource queue DATABASE: database TABLE: table TEMPLATE: template SL_PKG_RESOURCE: Spark resource package SL_SESSION: Spark session JOB_CU: job compute unit IAM_USER: number of IAM users ELASTIC_RESOURCE_POOL: elastic resource pool min Integer Minimum
Figure 1 Configuring an agency for DLI Once configured, you can check the agency dli_management_agency in the agency list on the IAM console. Configure a DLI job bucket. Before using DLI to submit jobs, you need to configure a DLI job bucket.
To obtain the IAM endpoint and region name in the message body, see Regions and Endpoints. Here is an example request: Replace the content in italic in the sample code with the actual values.
To obtain the IAM endpoint and region name in the message body, see Regions and Endpoints. Here is an example request: Replace the content in italic in the sample code with the actual values.
Figure 1 Configuring an agency for DLI Once configured, you can check the agency dli_management_agency in the agency list on the IAM console. Configure a DLI job bucket. Before using DLI to submit jobs, you need to configure a DLI job bucket.
