Accounts-IoT Studio(IoT Studio)-阿里云帮助中心

After you enable the account feature for an IoT Studio project, you can log on to the operations console to manage roles and accounts for application and business service runtimes.

Background information

IoT Studio provides a project-level account system. This system uses the industry-standard Role-Based Access Control (RBAC) model and lets you manage accounts, roles, and permissions. You can group applications or services that require unified accounts into the same project. After you set up account authentication during development, you can configure flexible access control.

Enable accounts

In the list of standard projects, find the target project and click its card.

You can also click Global-resource Project to open its project details page.
On the project page, click Accounts in the navigation pane on the left.
Click Enable Account Feature.
In the Enable Operations Console dialog box, enter the required information.
Click Confirm.

After the operations console is enabled, go to the Accounts > Administrator tab to view the initial administrator account information.

The phone number that you set in the previous step receives a notification that an IoT application account has been created. This notification contains the initial logon password for the administrator. Store the password in a secure location.

You can use either the initial administrator name or the phone number as the logon name for the operations console.

Configure the console

On the Accounts page, click the Console Configuration tab. The console address for your account is displayed on this tab. Configure the console as follows:

后台配置

In the Basic Information section, click Modify next to the company name to change the basic information.
Click Configure Logon Interface in the upper-right corner of the page. In the Configure Console Logon Interface dialog box, configure the following settings:
1. Set the console name.
2. Click Add ICP Filing Information. Enter the ICP filing information and configure the display style.
  
  Note
  Each ICP filing record can display a maximum of two icons simultaneously. The filing name is limited to 30 characters. You can add up to three ICP filing records. For more information about ICP filing, see ICP filing process.
3. Click Upload Image and upload an image.
4. (Optional) Click Preview to preview your configuration.
5. Click Confirm.
Follow the Domain Name Operation Instructions on the page to configure and add your domain name.

Account Management

Log on to the console to initialize the administrator account. The administrator account has all permissions. You can use this account to manage operational accounts in the operations console, such as configuring accounts, roles, and permissions.

Click Log on to Console in the upper-right corner of the Accounts page.
On the logon page, enter the initial administrator account and password, and then click Log on.
On the Account Management page of the operations console, perform the following operations:
- In the row of the destination account, click Edit in the Actions column. In the Edit Account Information dialog box, modify the Phone Number or Logon Email, and then click Save.
- On the right side of the page, click Add Account. In the Add Account dialog box, enter the account information and click Add.
  
  Note
  Both the account name and phone number can be used as the logon name. The initial password for the account is sent to the user in a text message.

Role Management

An account inherits permissions from its assigned roles.

In the operations console, click Role Management in the navigation pane on the left and perform the following operations:

On the right side of the page, click Add Role. In the dialog box that appears, enter a role name, add optional remarks, and click OK.
On the Role Members tab of the Role Details page, click Add Member. In the dialog box that appears, select the required accounts and click Confirm.
In the Actions column for a role, click View. On the Role Details page, you can view the role members and permissions. You can also remove permissions from the role. The administrator role has all permissions and cannot be changed.

Permission Management

In the operations console, click Permission Management in the navigation pane on the left to manage access permissions for applications and services.

Note

After you enable account authentication, select Application Access Restriction or Access Restriction in the page configuration to configure roles that can access the current application or page.
After you enable access restriction, if no roles are specified for the application or page, only the administrator account can access them.

Application access permissions
In the row of an application, click Configure in the Actions column to go to the permission configuration page.
- In the Application Access Restriction module, click Configure to set the roles that can access the application.
- In the Page Access Restriction module, click Configure next to a page to set the roles that can access the page.
Service access permissions

Note
The service access permission configuration feature is available only for service development APIs that use account authentication for the data source of a component. This feature is not available for requests from the Internet.

In the row of a service, click Configure in the Actions column to set the roles that can access the service.
Note
- If you select account authentication in the HTTP node configuration for a service, users must log on to an account to access the service in the application.
- If you select both account authentication and access restriction, only specified roles can access the service.