move doc sources to other location Reviewed-by: OpenTelekomCloud Bot <None>
Can All Users Use the Encryption Feature?
The rights of users in a user group to use the encryption feature are as follows:
- A user who has security administrator rights can grant KMS access rights to EVS for using the encryption feature.
- When a common user who does not have security administrator rights attempts to use the encryption feature, the outcome depends on whether the user is the first one in the user group to use this feature:
  - If the common user is the first one in the user group to use the encryption feature, the common user must ask a user who has security administrator rights to grant the permissions. The common user can then use the encryption feature.
  - If the common user is not the first one in the user group to use the encryption feature, the user already has permission to use it.
The following section uses a user group as an example to describe how to grant KMS access rights to EVS for using the encryption feature.
For example, a user group shown in Figure 1 consists of four users, user 1 to user 4. User 1 has security administrator rights. Users 2, 3, and 4 are common users who do not have security administrator rights.
Scenario 1: User 1 Uses the Encryption Feature
In this user group, if user 1 uses the encryption feature for the first time, the procedure is as follows:
- User 1 creates Xrole to grant KMS access permissions to EVS.
  After user 1 grants the permissions, the system automatically creates the CMK evs/default for encrypting EVS disks.
- User 1 selects a key.
After user 1 uses the encryption feature, all other users in the user group can use this feature without needing to contact user 1 to be granted rights.
Scenario 2: Common User Uses the Encryption Feature
In this user group, when user 3 uses the encryption feature for the first time:
- The system displays a message indicating that the user has no rights.
- User 3 asks user 1 to create Xrole to grant KMS access permissions to EVS.
After user 1 grants the permissions, user 3 and all other users in the user group can use the encryption feature by default.