检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
SFS Capacity-Oriented File System Actions API Version Query Permission API Action IAM Project (Project) Enterprise Project (Enterprise Project) Querying the API Version (Native OpenStack API) GET / - × × Querying the API Version (Native OpenStack API) GET /{api_version}/ - × × Shared
The token obtained from IAM is valid for only 24 hours. If you want to use one token for authentication, you can cache it to avoid frequently calling.
Table 1 SFS access control Method Description Reference Permissions control IAM permissions IAM permissions define which actions on your cloud resources are allowed or denied.
Identity and Access Management (IAM) Permissions The encryption feature relies on KMS, which improves the data security of your file systems.
Configuring Network Passthrough Between ModelArts and SFS Turbo Creating an Agency to Authorize ModelArts to Use SFS Turbo Log in to the IAM console as the IAM administrator. In the navigation pane on the left, choose Permissions > Policies/Roles.
name "password": "********", // IAM user password "domain": { "name": "domainname" // Name of the account to which the IAM user belongs } } } }, "scope
SFS Turbo File System Actions Lifecycle Management Permission API Action Dependencies IAM Project (Project) Enterprise Project (Enterprise Project) Creating a File System POST /v1/{project_id}/sfs-turbo/shares sfsturbo:shares:createShare Creating an SFS Turbo file system requires
Creating a User and Granting SFS Permissions This section describes how to use IAM to implement fine-grained permissions control for your SFS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Obtaining Access Keys (AK/SK) To access SFS using access keys as an IAM user, the programmatic access must be enabled. For details, see Viewing or Modifying IAM User Information. When calling an API, you need to use the AK/SK to verify the signature.
An IAM user assigned the SFS Turbo ReadOnlyAccess policy does not need to have the VPC ReadOnlyAccess policy assigned explicitly. Viewing details of general purpose file systems depends on the VPC service. Ensure that the required role or policy has been configured.
Virtual Private Cloud (VPC) Creating a File System IAM is an enterprise-level self-help cloud resource management system. It provides user identity management and access control functions.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Creating an IAM User If you want to allow multiple users to manage your resources without sharing your password or private key, you can create users using IAM and grant permissions to the users.
Creating a User and Granting SFS Permissions This chapter describes how to use IAM to implement fine-grained permissions control for your SFS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
If the permissions granted to an IAM user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that only contain actions for IAM projects can be used and applied to IAM only.
IAM provides identity authentication, permissions management, and access control, helping you to securely access your cloud resources. With IAM, you can use your cloud account to create IAM users, and assign permissions to the users to control their access to specific resources.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview. SFS Permissions By default, new IAM users do not have permissions assigned.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
