检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Table 1 Service authorizations Target Service Authorization Description IAM Permission Mandatory ModelArts This permission allows IAM users to use ModelArts.
An IAM User Cannot Select an Existing SFS Turbo File System When Using a Dedicated Resource Pool to Create a Training Job The IAM user cannot view existing SFS Turbo file systems due to insufficient permissions.
After creating a user group on the IAM console, grant the custom policy created in 1 to the user group. Create a user on the IAM console and add the user to the group created in 3.
Assigning SFS Turbo Folder-Level Access Permissions to an IAM User Scenario Grant access permission of specific SFS Turbo folders to IAM users. Granting the IAM user the SFS Turbo folder-level access permission is a whitelist function.
What Do I Do If Error ModelArts.0010 Occurred When I Use ExeML to Start Training as an IAM User? Use the ACL permission assigned by the tenant account for the OBS bucket used by ModelArts. Parent topic: Training Models
Viewing the Notebook Instances of All IAM Users Under One Tenant Account Any IAM user granted with the listAllNotebooks and listUsers permissions can click View all on the notebook page to view the instances of all IAM users in the current IAM project.
IAM This section describes the IAM permission configurations for all ModelArts functions.
How Do I Isolate IAM Users for Using Development Environments? There are two methods to prevent IAM users from viewing, modifying, or deleting notebook instances created by others: Solution 1: Delete the modelarts:notebook:listAllNotebooks permission.
ModelArts and Other Services IAM ModelArts uses Identity and Access Management (IAM) for authentication and authorization. For more information about IAM, see the Identity and Access Management Documentation.
Step 3 Configuring Agent-based ModelArts Access Authorization After assigning IAM permissions, configure ModelArts access authorization for IAM users on the ModelArts page so that ModelArts can access dependent services such as OBS, SWR, and IEF.
How Do I View an Account ID and IAM User ID? Use your IAM account to log in to Huawei Cloud. In the upper right corner of the page, click Console. The HUAWEI CLOUD management console is displayed.
IAM user: Select an IAM user and configure an agency for the IAM user. Figure 1 Selecting an IAM user Federated user: Enter the username or user ID of the target federated user. Figure 2 Selecting a federated user Agency: Select an agency name.
IAM ModelArts uses Identity and Access Management (IAM) for authentication and authorization. For more information about IAM, see Identity and Access Management User Guide.
This section describes how to create a user group and IAM users and add the IAM users to the user group.
This section describes how to assign the permissions to use cloud services to all IAM users in a user group. On the user group list page of IAM, click Authorize of the target user group. The Authorize User Group page is displayed.
Assigning the Required Permissions Any IAM user granted with the listAllNotebooks and listUsers permissions can click View all on the notebook page to view the instances of all IAM users in the current IAM project.
Creating a User and Granting Permissions This section describes how to use IAM to implement fine-grained permissions control for your ModelArts resources. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Table 1 Service authorization Target Service Description IAM Permission Mandatory ModelArts Assign permissions to IAM users for using ModelArts.
Assigning the Required Permissions Any IAM user granted with the listAllNotebooks and listUsers permissions can click View all on the notebook page to view the instances of all IAM users in the current IAM project.
Policies that contain actions only for IAM projects can be used and applied to IAM only.
