检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating an IAM user and logging in: Create an IAM user and add it to the user group to obtain permissions. Log in to the ModelArts Studio (MaaS) console as an IAM user and use resources within the permissions scope. For details, see Creating an IAM User and Logging In.
After creating a user group on the IAM console, grant the custom policy created in 1 to the user group. Create a user on the IAM console and add the user to the group created in 3.
Assigning SFS Turbo Folder-Level Access Permissions to an IAM User Scenario Grant access permission of specific SFS Turbo folders to IAM users. Granting the IAM user the SFS Turbo folder-level access permission is a whitelist function.
Viewing the Notebook Instances of All IAM Users Under One Tenant Account Any IAM user granted with the listAllNotebooks and listUsers permissions can click View all on the notebook page to view the instances of all IAM users in the current IAM project.
IAM This section describes the IAM permission configurations for all ModelArts functions.
ModelArts and Other Services IAM ModelArts uses Identity and Access Management (IAM) for authentication and authorization. For more information about IAM, see the Identity and Access Management Documentation.
Select IAM user. Authorized To This parameter is not displayed when Authorized User is set to All users. IAM user: Select an IAM user and configure an agency for the IAM user.
How Do I Isolate IAM Users on a Notebook Instance? In a development environment, multiple IAM users may require isolation, and they don't want their notebook instances to be viewed, modified, or deleted by others.
Step 3 Configuring Agent-based ModelArts Access Authorization After assigning IAM permissions, configure ModelArts access authorization for IAM users on the ModelArts page so that ModelArts can access dependent services such as OBS, SWR, and IEF.
IAM user: Select an IAM user and configure an agency for the IAM user. Figure 1 Selecting an IAM user Federated user: Enter the username or user ID of the target federated user. Figure 2 Selecting a federated user Agency: Select an agency name.
This section describes how to create a user group and IAM users and add the IAM users to the user group.
This section describes how to assign the permissions to use cloud services to all IAM users in a user group. On the user group list page of IAM, click Authorize of the target user group. The Authorize User Group page is displayed.
Assigning the Required Permissions Any IAM user granted with the listAllNotebooks and listUsers permissions can click View all on the notebook page to view the instances of all IAM users in the current IAM project.
IAM user: Select an IAM user and configure an agency for the IAM user. Figure 1 Selecting an IAM user Federated user: Enter the username or user ID of the target federated user. Figure 2 Selecting a federated user Agency: Select an agency name.
Only the sub-users (IAM users) of the account can register and use the SWR images if the image type is Private. Other users can register and use SWR images only when the image type is Public.
For example, the endpoint of IAM in the CN-Hong Kong region is iam.ap-southeast-1.myhuaweicloud.com. resource-path Access path of an API for performing a specified operation. Obtain the value from the URI of an API.
Table 1 Service authorization Target Service Description IAM Permission Mandatory ModelArts Assign permissions to IAM users for using ModelArts.
Assigning the Required Permissions Any IAM user granted with the listAllNotebooks and listUsers permissions can click View all on the notebook page to view the instances of all IAM users in the current IAM project.
Policies that contain actions only for IAM projects can be used and applied to IAM only.
Before using this API, the administrator must have the Security Administrator permission configured in IAM, and access keys must be configured for the IAM users.
