vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/dataartsstudio/umn/dataartsstudio_01_0004.html
Xiong, Chen Xiao 3bc19c4f14 DataArts UMN 20240301 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: Xiong, Chen Xiao <chenxiaoxiong@huawei.com>
Co-committed-by: Xiong, Chen Xiao <chenxiaoxiong@huawei.com>
2024-03-01 14:11:08 +00:00

5.8 KiB
Raw Blame History

Creating an IAM User and Assigning DataArts Studio Permissions

Identity and Access Management (IAM) can be used for fine-grained permissions management on your DataArts Studio resources. With IAM, you can:
  • Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing DataArts Studio resources.
  • Assign users only the permissions required to perform a task.
  • Entrust a a cloud platform account or cloud service to perform efficient O&M on your DataArts Studio resources.

If you do not require individual IAM users for permissions management, skip this section.

Background

  • Before assigning permissions to a user group, familiarize yourself with the DataArts Studio workspace role permissions that can be added to the user group and select permissions based on actual requirements.

Procedure

  1. Create a user group and assign permissions to it. Log in to the IAM console using a a cloud platform account, create a user group, and grant permissions of a common user (for example, DAYU User) to the group.

    For details, see "User Groups and Authorization" > "Creating a User Group and Assigning Permissions" in Identity and Access Management User Guide.

    • When configuring DataArts Studio permissions for a user group, enter DAYU in the search box to search for the permissions and select the permissions to be granted to the user group, for example, DAYU User.
    • If an IAM user wants to create a workspace, you must assign the IAM user the DAYU Administrator policy. Users with the DAYU Administrator policy can perform all operations on DataArts Studio.
    • DataArts Studio is a project-level service deployed in specific physical regions. If you select All resources for Scope, the permission takes effect in all projects of all regions. If you select Region-specific projects for Scope, the permission takes effect only for a specified project. When accessing DataArts Studio, the IAM user must switch to the region where they have been assigned the required permissions.
  2. Create a user and add the user to the user group. Create a user on the IAM console and add the user to the group created in 1.

    For details, see "IAM Users" > "Creating an IAM User" in Identity and Access Management User Guide.