The custom role feature in Data Management (DMS) lets you manage the resource and feature permissions of other DMS users. By creating custom roles and attaching policies to them, you can implement fine-grained, role-based control over various resources and features within DMS.
Prerequisites
To use the role management feature, you must have the required permissions. If you do not have them, contact an administrator to assign you the administrator system role. For more information, see Edit user information.
By default, administrators have role management permissions.
Usage notes
This feature is in canary release. To use this feature, contact DMS Technical Support (DingTalk ID: 67215001618).
Relationships among roles, users, and policies
Procedure
- Create a custom role.
  This creates the role to which you will grant permissions.
- Attach a policy to the custom role.
  This limits the role to the operations defined in the policy, such as querying and modifying an ApsaraDB for Redis instance.
- Assign users to the custom role.
  After you assign the role, users receive the permissions defined in the attached policy.
Step 1: Create a custom role
- Log in to DMS 5.0.
- In the upper-left corner of the console, click the icon and choose .
  Note: If you use the console in standard mode, choose from the top navigation bar.
- On the Custom Role tab, click Add Custom Role.
- In the Add Custom Role dialog box, enter a Role name and Role Description, and then click Confirm.
Step 2: Grant permissions
- On the custom roles page, find the target role and click Details in the Actions column.
- On the Policies tab, click Add Policy.
- In the Add Authorization dialog box, select a Permission Type. You can choose System Policy or Custom Policy. For information about how to create a custom policy, see Step 1: Create and configure a policy.
- Select the target policy and click Confirm.
Alternatively, you can grant permissions to a role on the policies page. Choose , find the target policy, and click Authorize in the Actions column.
Step 3: Assign users
Users who are assigned a custom role inherit its resource permissions.
- On the custom roles page, find the target role and click Details in the Actions column.
- On the Associated User tab, click Add User.
- In the Add User dialog box, select one or more users in the Member field.
- Click Confirm.
Alternatively, you can choose . Then, edit a user's basic information to assign the role.
View associated policies and users
- On the custom roles page, find the target role and click Details in the Actions column.
- On the Policies or Associated User tab, view the policies and users associated with the role.
The table on the Policies tab lists policies and their Policy Name, Remarks, Policy Type, and Actions. In the Actions column, you can click Details or Detach Policy. The page also provides an Add Policy button, a search bar for policy names, and a filter for policy types.
FAQ
Q: What is the difference between a custom role and a system role?
A: System roles are built into DMS and have fixed policies that cannot be modified. In contrast, you can adjust the policies of custom roles. A user can have multiple system and custom roles at the same time.