forked from docs/doc-exports
qinweiwei
3e4721c813
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com> Co-authored-by: qinweiwei <qinweiwei@huawei.com> Co-committed-by: qinweiwei <qinweiwei@huawei.com>
66 lines
11 KiB
HTML
66 lines
11 KiB
HTML
<a name="dew_01_0096"></a><a name="dew_01_0096"></a>
|
|
|
|
<h1 class="topictitle1">Creating a Grant</h1>
|
|
<div id="body1526441148777"><p id="dew_01_0096__abd93f6bca64047dab7c1821937d2176a">You can create grants for other users or accounts to use the custom key. You can create a maximum of 100 grants on a custom key.</p>
|
|
<div class="section" id="dew_01_0096__sf313f71716e4464a818c0f21fadd47c2"><h4 class="sectiontitle">Prerequisites</h4><ul id="dew_01_0096__ue1a5c744c07e4da2901b21160b118b07"><li id="dew_01_0096__l9f30a172d7b64c169a5502a41ff91d42">You have obtained the ID of the grantee (user to whom permissions are to be authorized).</li><li id="dew_01_0096__lb764e9f8bf2a4c79bde4e1a4e650a69c">The target custom key is in <span class="parmname" id="dew_01_0096__parmname77021054865"><b>Enabled</b></span> status.</li></ul>
|
|
</div>
|
|
<div class="section" id="dew_01_0096__section57951920104714"><h4 class="sectiontitle">Constraints</h4><ul id="dew_01_0096__ul187081017201420"><li id="dew_01_0096__li2708191751418">The owner of a custom key can create a grant for the custom key on the KMS console or by calling APIs. The users or accounts who have the grant creation permission assigned by the owner of the custom key can create grants for the custom key only by calling APIs.</li><li id="dew_01_0096__li169641820131418">A maximum of 100 grants can be created for a custom key.</li></ul>
|
|
</div>
|
|
<div class="section" id="dew_01_0096__sb242aca4faed47a3a2cda38b7e2aea4f"><h4 class="sectiontitle">Procedure</h4><ol id="dew_01_0096__oe8646e78119040b19b16e75a4dee0fb6"><li id="dew_01_0096__li1181420455820"><span>Log in to the management console.</span></li><li id="dew_01_0096__li880294292648"><span>Click <span><img id="dew_01_0096__dew_01_0178_image10325154918393" src="en-us_image_0000001284811084.png"></span> in the upper left corner of the management console and select a region or project.</span></li><li id="dew_01_0096__li1279512297175"><span>Click <span><img id="dew_01_0096__image1568784805614" src="en-us_image_0000002479480874.png"></span> on the left and choose <span class="menucascade" id="dew_01_0096__menucascade2687144845613"><b><span class="uicontrol" id="dew_01_0096__uicontrol2068719489569">Security</span></b> > <b><span class="uicontrol" id="dew_01_0096__uicontrol568774814561">Key Management Service</span></b></span>.</span></li><li id="dew_01_0096__l3ebfdf7f9d2641be8e268c2c354518b1"><span>Click the name of the target custom key to go to its details page and create a grant on it.</span></li><li id="dew_01_0096__li1655114975915"><span>Click the <strong id="dew_01_0096__b126234401162">Grants</strong> tab.</span></li><li id="dew_01_0096__la8bfd43456334e258880cf1d53df3da3"><span>Click <strong id="dew_01_0096__b84235270614570">Create Grant</strong>. The <strong id="dew_01_0096__b84235270614574">Create Grant</strong> dialog box is displayed.</span><p><div class="fignone" id="dew_01_0096__fig17834205715471"><span class="figcap"><b>Figure 1 </b>Creating a grant</span><br><span><img id="dew_01_0096__image1634124813475" src="en-us_image_0000002278357089.png"></span></div>
|
|
</p></li><li id="dew_01_0096__ld1e659d79a734647b0df2c3f23f21d22"><span>In the dialog box that is displayed, enter the ID of the user to be authorized and select permissions to be granted. For details, see <a href="#dew_01_0096__t4212c2dc877a41ba8f1db3dfa2ed7575">Table 1</a>.</span><p><div class="notice" id="dew_01_0096__ne46aa03a7d3d4db5a86df92e23c3569c"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="dew_01_0096__a5aa6962a74b54c09a792d321908160cd">A grantee can perform the authorized operations only by calling the necessary APIs. For details, see the <i><cite id="dew_01_0096__cite1046431183">Key Management Service API Reference</cite></i>.</p>
|
|
</div></div>
|
|
|
|
<div class="tablenoborder"><a name="dew_01_0096__t4212c2dc877a41ba8f1db3dfa2ed7575"></a><a name="t4212c2dc877a41ba8f1db3dfa2ed7575"></a><table cellpadding="4" cellspacing="0" summary="" id="dew_01_0096__t4212c2dc877a41ba8f1db3dfa2ed7575" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters for creating a grant</caption><thead align="left"><tr id="dew_01_0096__r5262aa06f29a4aeeb12b8c7ea5c1d163"><th align="left" class="cellrowborder" valign="top" width="20.75%" id="mcps1.3.4.2.7.2.2.2.4.1.1"><p id="dew_01_0096__ab97745e4ff174dd29475988b7daf3922"><strong id="dew_01_0096__b58977733783214">Parameter</strong></p>
|
|
</th>
|
|
<th align="left" class="cellrowborder" valign="top" width="57.809999999999995%" id="mcps1.3.4.2.7.2.2.2.4.1.2"><p id="dew_01_0096__ab176e626317848caaa985a1979e5db60"><strong id="dew_01_0096__b842352706193336">Description</strong></p>
|
|
</th>
|
|
<th align="left" class="cellrowborder" valign="top" width="21.44%" id="mcps1.3.4.2.7.2.2.2.4.1.3"><p id="dew_01_0096__a72df5ce3d23d45a8999ab453fe800b59"><strong id="dew_01_0096__b842352706191839">Example Value</strong></p>
|
|
</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody><tr id="dew_01_0096__row1147532142318"><td class="cellrowborder" valign="top" width="20.75%" headers="mcps1.3.4.2.7.2.2.2.4.1.1 "><p id="dew_01_0096__p91486323235">User or Tenant</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="57.809999999999995%" headers="mcps1.3.4.2.7.2.2.2.4.1.2 "><p id="dew_01_0096__p314863216235">Whether a user or an account is authorized.</p>
|
|
<ul id="dew_01_0096__ul106451354289"><li id="dew_01_0096__li0646535152816">User<p id="dew_01_0096__p1298684352820"><a name="dew_01_0096__li0646535152816"></a><a name="li0646535152816"></a>User ID: Enter the IAM user ID. To obtain the ID, click the username in the upper right corner of the page, choose <strong id="dew_01_0096__b221472716233">My Credentials</strong>. Choose <strong id="dew_01_0096__b9214192762319">API Credentials</strong> from the navigation pane, and copy the value of <strong id="dew_01_0096__b202154271235">IAM User ID</strong>.</p>
|
|
<p id="dew_01_0096__p474111712302">After the authorization is complete, the IAM user can use the specified keys.</p>
|
|
</li><li id="dew_01_0096__li181891609297">Account<p id="dew_01_0096__p11103195017278"><a name="dew_01_0096__li181891609297"></a><a name="li181891609297"></a>Account ID: Enter the IAM user ID. To obtain the ID, click the username in the upper right corner of the page, choose <strong id="dew_01_0096__b1931116910221">My Credentials</strong>. Choose <strong id="dew_01_0096__b19316395228">API Credentials</strong> from the navigation pane and copy the value of <strong id="dew_01_0096__b73161696222">Account ID</strong>.</p>
|
|
<p id="dew_01_0096__p4506656173118">After the authorization is complete, all IAM users under the account can use the specified keys.</p>
|
|
</li></ul>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="21.44%" headers="mcps1.3.4.2.7.2.2.2.4.1.3 "><p id="dew_01_0096__p1148153211231">d9a6b2bdaedd4ba586cabe6372d1b312</p>
|
|
</td>
|
|
</tr>
|
|
<tr id="dew_01_0096__row11886545173017"><td class="cellrowborder" valign="top" width="20.75%" headers="mcps1.3.4.2.7.2.2.2.4.1.1 "><p id="dew_01_0096__p1288724543017">Grant Name</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="57.809999999999995%" headers="mcps1.3.4.2.7.2.2.2.4.1.2 "><p id="dew_01_0096__p4887104511302">You can name the grant.</p>
|
|
<div class="note" id="dew_01_0096__note188411220113012"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="dew_01_0096__ul196311438133018"><li id="dew_01_0096__li1690185203018">You can enter digits, letters, underscores (_), hyphens (-), colons (:), and slashes (/).</li></ul>
|
|
</div></div>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="21.44%" headers="mcps1.3.4.2.7.2.2.2.4.1.3 "><p id="dew_01_0096__p1288716457304">test</p>
|
|
</td>
|
|
</tr>
|
|
<tr id="dew_01_0096__r1326823b950b4491a67e426a2680c6bf"><td class="cellrowborder" valign="top" width="20.75%" headers="mcps1.3.4.2.7.2.2.2.4.1.1 "><p id="dew_01_0096__a1546b8eed079445ea3b1868f818806e6">Operations</p>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="57.809999999999995%" headers="mcps1.3.4.2.7.2.2.2.4.1.2 "><p id="dew_01_0096__a28343bfa69dc45eb9089ecb601d9c343">The following permissions can be authorized:</p>
|
|
<div class="note" id="dew_01_0096__n3bc68b5a19d8473894309fdf6b6316b9"><span class="notetitle"> NOTE: </span><div class="notebody"><ul id="dew_01_0096__u8eb0a85047d0421398ecdd1e941d4a0a"><li id="dew_01_0096__l19724b1186d14cdea00fc64466881db3">You can create multiple grants on a custom key to provide different permissions to the same user. The user's permissions on the custom key are the combination of all the grants.</li><li id="dew_01_0096__l1040294800ce45c5a3bf121c75c81868">This parameter cannot be left blank.</li><li id="dew_01_0096__lf1dcdb78a73c481d919293387429bfd4">Selecting only <strong id="dew_01_0096__b842352706111632">Create Grant</strong> is not allowed.</li></ul>
|
|
</div></div>
|
|
<ul id="dew_01_0096__u679e0ae81b6b4c78ba3d1dcf99d6ba76"><li id="dew_01_0096__l74c9847b46474022b98f95300f72c8a2"><strong id="dew_01_0096__b842352706154510">Create Data Key Without Plaintext</strong></li><li id="dew_01_0096__l6f42bff6862348879bfd804512b3429f"><strong id="dew_01_0096__b84235270615163">Create Data Key</strong></li><li id="dew_01_0096__l8f3e0cb70890457bb414b84bbe3bd165"><strong id="dew_01_0096__b842352706151612">Encrypt Data Key</strong></li><li id="dew_01_0096__l36318d4a790f4358a61315493a60d54f"><strong id="dew_01_0096__b842352706151616">Decrypt Data Key</strong></li><li id="dew_01_0096__l74d6d395b9e948babf994c33639e1aca"><strong id="dew_01_0096__b842352706151627">Query Key Information</strong></li><li id="dew_01_0096__l640a497b858e429e9827cd2ad0cc1df7"><strong id="dew_01_0096__b842352706151632">Create Grant</strong></li><li id="dew_01_0096__l4cdf3af1496b4a7fb669f956d8dc9c7e"><strong id="dew_01_0096__b842352706151544">Retire Grant</strong><ul id="dew_01_0096__ub6297e776ce6471580561e39830e3fc0"><li id="dew_01_0096__l02a306e9962c4ca0a47e47e8587e81b3">A grantee can retire a grant if the grantee does not need that permission.</li><li id="dew_01_0096__lac1577f4802f471bb6de6f3c320b0d6a">If, before retiring a grant, the grantee has granted the permission to another user, that user's permission will not be affected by the grant retirement.</li></ul>
|
|
</li><li id="dew_01_0096__li1771485722215"><strong id="dew_01_0096__b470814294240">Encrypt Data</strong></li><li id="dew_01_0096__li134379632312"><strong id="dew_01_0096__b967316407240">Decrypt Data</strong></li></ul>
|
|
</td>
|
|
<td class="cellrowborder" valign="top" width="21.44%" headers="mcps1.3.4.2.7.2.2.2.4.1.3 "><p id="dew_01_0096__a9eeada0fea5a47b181fd7672519a87f0">-</p>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</p></li><li id="dew_01_0096__lb57e06fa0f9948cb89ad869a8830b368"><span>Click <strong id="dew_01_0096__b886156753153714">OK</strong>. When message "Grant created successfully" is displayed in the upper right corner, the grant has been created.</span><p><p id="dew_01_0096__a4e18b09ddba142629a35200d37557a86">In the list of grants, you can view the grant name, grant type, grantee ID, granted operation, and creation time of the grant.</p>
|
|
</p></li></ol>
|
|
</div>
|
|
</div>
|
|
<div>
|
|
<div class="familylinks">
|
|
<div class="parentlink"><strong>Parent topic:</strong> <a href="dew_01_0095.html">Managing a Grant</a></div>
|
|
</div>
|
|
</div>
|
|
|