yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
0b3a43371a4bcc99577594de0a685249d676a567
doc-exports/docs/dataartsstudio/umn/dataartsstudio_01_0004.html
chenxiaoxiong f9e2808b7c DataArts UMN 20250810 version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: chenxiaoxiong <chenxiaoxiong@huawei.com>
Co-committed-by: chenxiaoxiong <chenxiaoxiong@huawei.com>
2025-09-02 10:44:13 +00:00

42 lines
11 KiB
HTML
Raw Blame History

<a name="dataartsstudio_01_0004"></a><a name="dataartsstudio_01_0004"></a>
<h1 class="topictitle1">Creating an IAM User and Assigning <span id="text83374331400">DataArts Studio</span> Permissions</h1>
<div id="body0000002024014390"><div class="p" id="dataartsstudio_01_0004__en-us_topic_0223009156_p988518487488">Identity and Access Management (IAM) can be used for fine-grained permissions management on your <span id="dataartsstudio_01_0004__text1142013904015">DataArts Studio</span> resources. With IAM, you can:<ul id="dataartsstudio_01_0004__ul20307133063417"><li id="dataartsstudio_01_0004__en-us_topic_0223009156_li588684820486">Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing <span id="dataartsstudio_01_0004__text16979149134014">DataArts Studio</span> resources.</li><li id="dataartsstudio_01_0004__en-us_topic_0223009156_li38863484487">Grant users only the permissions required to perform a given task based on their job responsibilities.</li><li id="dataartsstudio_01_0004__en-us_topic_0223009156_li17886174824816">Entrust a <span id="dataartsstudio_01_0004__text9957155617403">cloud account</span> or cloud service to perform efficient O&amp;M on your <span id="dataartsstudio_01_0004__text595785624020">DataArts Studio</span> resources.</li></ul>
</div>
<p id="dataartsstudio_01_0004__en-us_topic_0223009156_p7886148114812">If you do not require individual IAM users for permissions management, skip this topic.</p>
<p id="dataartsstudio_01_0004__en-us_topic_0223009156_p1886124811488">This section describes the procedure for granting permissions. See <a href="#dataartsstudio_01_0004__en-us_topic_0223009156_section9135134520119">Procedure</a> for details.</p>
<div class="section" id="dataartsstudio_01_0004__en-us_topic_0223009156_section149106163317"><h4 class="sectiontitle">Context</h4><ul id="dataartsstudio_01_0004__en-us_topic_0223009156_ul4345266339"><li id="dataartsstudio_01_0004__en-us_topic_0223009156_li19891163562811">Before assigning permissions to a user group, you need to understand the permission system of so that you can select the permissions that meet your needs. <div class="fignone" id="dataartsstudio_01_0004__fig168744210348"><span class="figcap"><b>Figure 1 </b>Permission system</span><br><span><img class="imgResize" id="dataartsstudio_01_0004__en-us_topic_0000001492262982_image1913610193343" src="en-us_image_0000002391028724.png" title="Click to enlarge"></span></div>
</li></ul>
</div>
<div class="section" id="dataartsstudio_01_0004__section3404192611368"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="dataartsstudio_01_0004__ul5958194983813"><li id="dataartsstudio_01_0004__li42343448248">The <span id="dataartsstudio_01_0004__text680510344508">DARTS</span> User system role provides the permissions related to instances, workspaces, and dependent services. The operation permissions in workspaces are provided by workspace roles.</li><li id="dataartsstudio_01_0004__li84281638144015"><div class="p" id="dataartsstudio_01_0004__p1899684094017"><a name="dataartsstudio_01_0004__li84281638144015"></a><a name="li84281638144015"></a>IAM provides the following two authorization mechanisms: Note that <span id="dataartsstudio_01_0004__en-us_topic_0000002059932461_text98649123311">DataArts Studio</span> supports only the IAM role-based authorization and does not support the IAM policy-based authorization.<ul id="dataartsstudio_01_0004__en-us_topic_0000002059932461_ul16474158122614"><li id="dataartsstudio_01_0004__en-us_topic_0000002059932461_en-us_topic_0216589782_li18737181101111"><strong id="dataartsstudio_01_0004__en-us_topic_0000002059932461_b1448919334131">IAM Roles</strong>: IAM initially provides a coarse-grained authorization mechanism to define permissions based on users' job responsibilities. Only a limited number of service-level roles are available. However, traditional IAM roles are not an ideal choice for fine-grained authorization and secure access control.</li><li id="dataartsstudio_01_0004__en-us_topic_0000002059932461_li144587474243"><strong id="dataartsstudio_01_0004__en-us_topic_0000002059932461_b203801928144">IAM Policies</strong>: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This type of authorization is more flexible and is ideal for least privilege access.</li></ul>
</div>
</li></ul>
</div>
<div class="section" id="dataartsstudio_01_0004__en-us_topic_0223009156_section9135134520119"><a name="dataartsstudio_01_0004__en-us_topic_0223009156_section9135134520119"></a><a name="en-us_topic_0223009156_section9135134520119"></a><h4 class="sectiontitle">Procedure</h4><ol id="dataartsstudio_01_0004__ol5977748151916"><li id="dataartsstudio_01_0004__li39771248101915"><a name="dataartsstudio_01_0004__li39771248101915"></a><a name="li39771248101915"></a><span>Create a user group and assign a system role to the group.</span><p><p id="dataartsstudio_01_0004__p55201136510">Log in to the IAM console using a <span id="dataartsstudio_01_0004__text132541145165011">cloud account</span>, create a user group and assign a <span id="dataartsstudio_01_0004__text3254145145017">DataArts Studio</span> system role to the group. For example, the system role can be <span id="dataartsstudio_01_0004__text325594535015">DARTS</span> Administrator or <span id="dataartsstudio_01_0004__text1225564525015">DARTS</span> User.</p>
<p id="dataartsstudio_01_0004__en-us_topic_0223009156_p108313320205">For details, see "User Groups and Authorization" &gt; "Creating a User Group and Assigning Permissions" in <em id="dataartsstudio_01_0004__i452011553416">Identity and Access Management User Guide</em>.</p>
<div class="note" id="dataartsstudio_01_0004__en-us_topic_0223009156_note52501597263"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="dataartsstudio_01_0004__en-us_topic_0223009156_ul114668532278"><li id="dataartsstudio_01_0004__li1834013912412">When configuring <span id="dataartsstudio_01_0004__text16819177115812">DataArts Studio</span> permissions for a user group, enter <strong id="dataartsstudio_01_0004__b78475552518"><span id="dataartsstudio_01_0004__text58471555135114">DARTS</span></strong> in the search box to search for the permissions and select the permissions to be granted to the user group, for example, <strong id="dataartsstudio_01_0004__b108471855135116"><span id="dataartsstudio_01_0004__text9847195514512">DARTS</span> User</strong>.</li><li id="dataartsstudio_01_0004__li2866162654415"><span id="dataartsstudio_01_0004__text195812112424">DataArts Studio</span> is a project-level service deployed in specific physical regions. If you select <strong id="dataartsstudio_01_0004__b189870159422">All resources</strong> for <strong id="dataartsstudio_01_0004__b29871515134214">Scope</strong>, the permission takes effect in all projects of all regions. If you select <strong id="dataartsstudio_01_0004__b1298715159424">Region-specific projects</strong> for <strong id="dataartsstudio_01_0004__b129871515104216">Scope</strong>, the permission takes effect only for a specified project. When accessing <span id="dataartsstudio_01_0004__text199751520174210">DataArts Studio</span>, the IAM user must switch to the region where they have been assigned the required permissions.</li></ul>
</div></div>
</p></li><li id="dataartsstudio_01_0004__li797716482198"><span>Create a user and add the user to the user group.</span><p><p id="dataartsstudio_01_0004__p178485310194">Create users on the IAM console and add them to the group created in <a href="#dataartsstudio_01_0004__li39771248101915">Step 1</a>.</p>
<p id="dataartsstudio_01_0004__p108285546197">For details, see "IAM Users" &gt; "Creating an IAM User" in <em id="dataartsstudio_01_0004__i82181740154214">Identity and Access Management User Guide</em>.</p>
<div class="note" id="dataartsstudio_01_0004__note127591741175411"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="dataartsstudio_01_0004__p676134155414">An IAM user can pass the authentication and access <span id="dataartsstudio_01_0004__en-us_topic_0183235763_text57841510161910">DataArts Studio</span> through an API or SDK only if <strong id="dataartsstudio_01_0004__en-us_topic_0183235763_b1834015273813">Programmatic access</strong> is selected for <strong id="dataartsstudio_01_0004__en-us_topic_0183235763_b146218599421">Access Type</strong> during the creation of the IAM user.</p>
</div></div>
</p></li><li id="dataartsstudio_01_0004__li585115271418"><span>Create a custom workspace role for <span id="dataartsstudio_01_0004__text399512291527">DARTS</span> User, add it as a workspace member, and assign a role to the member.</span><p><p id="dataartsstudio_01_0004__p1579162432010"><span id="dataartsstudio_01_0004__text153877412521">DataArts Studio</span> workspace roles determine the permissions of <span id="dataartsstudio_01_0004__text16388144135217">DARTS</span> User in a workspace. There are five preset roles: admin, developer, deployer, operator, and viewer. If these preset roles can meet your requirements, you do not need to create a custom workspace role. Instead, you can add the user as a workspace member and assign a preset role to the member. Otherwise, you need to create a custom role, add the users as a workspace member, and assign a custom role to the member. For details about how to create a custom workspace role, see <a href="dataartsstudio_01_0107.html">(Optional) Defining a Workspace Role</a>For details about how to add a workspace member and assign a role, see <a href="dataartsstudio_01_0117.html">Adding Workspace Members and Assigning Roles</a>.</p>
<p id="dataartsstudio_01_0004__p142198484228">For details about the permissions of the roles, see "Permissions" in <em id="dataartsstudio_01_0004__i13174413430">Service Overview</em>.</p>
</p></li><li id="dataartsstudio_01_0004__en-us_topic_0000001489537442_li1177513202816"><span>Log in to the console and verify permissions.</span><p><p id="dataartsstudio_01_0004__en-us_topic_0000001489537442_p1317741312289">Log in to the console using the created user and verify permissions of the user.</p>
<ul id="dataartsstudio_01_0004__en-us_topic_0000001489537442_ul1692751312242"><li id="dataartsstudio_01_0004__en-us_topic_0000001489537442_li205729227246">Choose <strong id="dataartsstudio_01_0004__b1659761818434">Service List</strong> &gt; <strong id="dataartsstudio_01_0004__b459816187431">DataArts Studio</strong>. Locate a <span id="dataartsstudio_01_0004__text1559871816439">DataArts Studio</span> instance and click <strong id="dataartsstudio_01_0004__b1459801804314">Access</strong>. Check whether the workspace list is displayed.</li><li id="dataartsstudio_01_0004__en-us_topic_0000001489537442_li1857212212418">Access a service module (for example, Management Center) to which your current user has been added and check whether you can perform the operations allowed for the workspace role assigned to you.</li></ul>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dataartsstudio_01_0118.html">Authorizing Users to Use DataArts Studio</a></div>
</div>
</div>
<script language="JavaScript">
<!--
initImageViewer('.imgResize');
var msg_imageMax = "view original image";
var msg_imageClose = "close";
//--></script>
View Git Blame Copy Permalink