检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
IAM: cloud user SAML: SAML-based federation.
User A user is created by using an account in IAM to use cloud services. Each user has its own identity credentials (password and access keys). You can view the account ID and user ID in Obtaining a Project ID.
IAM: cloud user SAML: SAML-based federation.
Policy Content: Configure the parameter as follows. { "Version": "1.1", "Statement": [ { "Action": [ "iam:agencies:assume" ], "Resource": { "uri": [ "/iam/agencies/ID of the agency
IAM users or user groups cannot be used as authorization entities. The PolicySync process does not modify the default policy of the RangerAdmin Hive module in the cluster. The default policy still takes effect.
IAM: cloud user SAML: SAML-based federation LDAP: ID user LOCAL: local user AGENTTENANT: agency OTHER: others Enumeration values: IAM SAML LDAP LOCAL AGENTTENANT OTHER principal_name Yes String Entity name. The value can contain 1 to 49 characters.
The options are IAM (cloud user), SAML (SAML-based federation), LDAP (permission policy), LOCAL (local user), AGENT (agency), AGENTTENANT (agency), and OTHER (others).
User A user is created by using an account in IAM to use cloud services. Each user has its own identity credentials (password and access keys). You can view the account ID and user ID in Obtaining a Project ID.
If the permissions granted to an IAM user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
For an IAM user to use GaussDB(DWS) to call APIs on the LakeFormation management plane, the user must have LakeFormation permissions (at least lakeformation:instance:access and lakeformation:instance:describe).
IAM: cloud user SAML: SAML-based federation LDAP: ID user LOCAL: local user AGENTTENANT: agency OTHER: others Enumeration values: IAM SAML LDAP LOCAL AGENTTENANT OTHER principal_name Yes String Entity name. The value can contain 1 to 49 characters.
Check configuration items. 500 00011128 Failed to create or update the IAM permission. Contact O&M personnel for assistance. 500 00011129 Failed to create or update the IAM agency.
You have prepared an IAM user who has the permission to create LakeFormation instances. For details, see Creating an IAM User and Granting LakeFormation Permissions. Step 1: Create a LakeFormation Instance Log in to the management console as the user prepared in Preparations.
Table 3 Request body parameters Parameter Mandatory Type Description user_names No Array of strings IAM users. groups No Array of strings User group. roles No Array of strings Role.
Authorization entities include IAM users, user groups, and LakeFormation roles. You can grant permissions to metadata objects such as catalogs, databases, tables, columns, functions, and OBS paths.
You can select a user group, role, IAM user, or agency as the authorization entity. To avoid authorization failure, ensure that the selected entity's name does not contain hyphens (-). If you want to grant the write permission as well, select Write Permission.
Enumeration values: IAM SAML LDAP LOCAL AGENTTENANT OTHER create_time No String Table creation time. last_access_time No String Last access time. last_analyzed_time No String Last analyzed time. partition_keys No Array of Column objects Partition column information. retention No Integer
