检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing DataArts Studio resources.
IAM provides the following two authorization mechanisms: Note that DataArts Studio supports only the IAM role-based authorization and does not support the IAM policy-based authorization.
Using an API Tool to Call an API Which Uses IAM Authentication Before calling an API which uses IAM authentication, call the IAM API for obtaining a user token to obtain the token, which can be used for security authentication.
For details, see Authorizing dlg_agency. dws:dbAuthority:syncIamUse iam:users:listUsers iam:groups:listGroups iam:users:listUsersForGroup GaussDB(DWS) does not support user groups.
To ensure that the IAM user permissions are normal, the user group to which the IAM user belongs must be assigned the DAYU User or DAYU Administrator role on the IAM console.
APIs using the IAM authentication mode can be authorized only to apps of the IAM type. IAM: APIs using IAM authentication can be authorized to apps of this type. The name of an app of the IAM type is fixed at the a Huawei account.
To ensure that the IAM user permissions are normal, the user group to which the IAM user belongs must be assigned the DAYU User or DAYU Administrator role on the IAM console.
Authorizing an API Which Uses IAM Authentication Through a Whitelist APIs which use IAM authentication support two authorization modes: app of the IAM type and whitelist.
Solution Check whether the permissions of the current user in IAM are changed, whether the user is removed from the user group, or whether the permission policy of the user group to which the user belongs is changed. If they are indeed changed, log in to the system again.
If you want to share a DataArts Studio instance with another IAM user, prepare an IAM user by referring to Creating an IAM User and Granting DataArts Studio Permissions – Roles and Policies or Creating an IAM User and Granting DataArts Studio Permissions – Identity Policies, add the
Assign the created custom role to the IAM user by following the instructions in Adding Workspace Members and Assigning Roles.
For example, in the URI of the IAM API for creating an IAM user, the request method is POST.
Constraints An IAM user can pass the authentication and access DataArts Studio through an API or SDK only if Programmatic access is selected for Access Type during the creation of the IAM user.
To ensure that the IAM user permissions are normal, the user group to which the IAM user belongs must be assigned the DAYU User or DAYU Administrator role on the IAM console.
To learn more about how IAM is different from Organizations for access control, see What Are the Differences in Access Control Between IAM and Organizations?
For example, an IAM user can call the API for querying the DataArts Studio instance list only if the user has been assigned one of the following roles: DAYU Administrator, DAYU User, and DataArts Studio User.
Why Can't I Select a Specified IAM Project When Purchasing a DataArts Studio Instance? Check whether the current account has enabled the enterprise project function. The enterprise project and IAM project cannot be enabled at the same time.
IAM iam:agencies:listAgencies Obtain job agencies.
On the API Credentials page, obtain the account name, account ID, IAM username, and IAM user ID, and obtain the project and its ID from the project list. Obtaining a Project ID by Calling an API You can obtain the project ID by calling the API to query project information.
CDM can be shared with IAM users of the same tenant through authorization. To authorize an IAM user, perform the following steps: Create a user group and assign permissions Create a user group on the IAM console, and attach the CDM ReadOnlyAccess policy to the group.
