百度智能云

All Product Document

          Load Balance

          Identity and Access Management

          Introduction

          Identity and access management is mainly used to help users manage the access rights of resources under the cloud account. It is applicable to different roles in the enterprise. Different workers can be given different privileges to use the product. When your enterprise has the multi-user co-operated resources, it is recommended that you use the identity and access management (IAM).

          Suitable for the following usage scenarios:

          • Medium and large enterprise customers: Authorized management of multiple employees in the company;
          • Technical vendors or SAAS vendors: Resource and authority management for agency clients;
          • Small and medium developers or small businesses: Add project members or collaborators for resource management.

          Create User

          1.After the master account user logs in, select "Identity and Access Management" on the console to enter the user management page.

          image.png

          2.Click "User Management" on the left navigation bar, and click "Create User" on the "Sub User Management List" page.

          3.In the pop-up "Create User" dialog box, fill in the "User Name" and confirm, and return to the "Sub User Management List" region to view the newly created sub user.

          Configure Policy

          BLB supports system policies and Custom Policy to implement the control of BLB with product-level privileges and instance-level privileges, respectively.

          • System policies: A set of privileges predefined by Baidu AI Cloud System to manage resources. They can directly authorize sub-users. Users can only use them and cannot modify them.
          • Custom Policy: A more detailed set of privileges created by users themselves to manage resources. They can be configured for a single instance so as to more flexibly meet the account's differentiated privileges management for different users.

          System Policy

          The system policy has three types: management privileges, operations privileges, and read-only privileges. The scope of privileges is as follows:

          Policy name privilege description Scope of privilege
          BLBFullControlPolicy Full control over BLB View instance list, view instance details, modify BLB name and description, listener configuration, backend server configuration, monitoring, alarm, create BLB, release BLB
          BlbOperateAccessPolicy Operations of BLB View instance list, view instance details, modify BLB name and description, listener configuration, backend server configuration, monitoring, alarm
          BlbReadOnlyAccessPolicy Read-only access to BLB View instance list, view instance details

          Custom Policy

          Custom Policy authorize from the instance dimension. Unlike system policies, they only take effect on selected instances.

          The sub-user enters [Policy Management] through the left navigation bar, and then clicks "Create Policy". The user fills in the policy name and selects the service type as BLB. The policy generation method defaults to the policy generator and does not need to be modified.

          image.png

          The details of custom privileges are as follows:

          Privilege description Scope of privilege
          Read only View instance list, view instance details
          Operations View instance list, view instance details, modify BLB name and description, listener configuration, backend server configuration, monitoring, alarm
          Management View instance list, view instance details, modify BLB name and description, listener configuration, backend server configuration, monitoring, alarm, release BLB

          User Authorization

          Select "Add privilege" in the "Action" column of the corresponding sub-user in the "User Management > Sub-user Management List Page", and select system privileges or Custom Policy for users to authorize.

          Note: You can only delete existing policies and add new policies to modify the privileges of a sub-user without modifying the existing policy rules. You cannot uncheck the policy privileges that have been added.

          Sub-user Login

          After the master account authorizes the sub-user, the link can be sent to the sub-user; the sub-user can log in to the management console of the master account through the IAM user login link, and operate and view the master account resources according to the authorized policy.

          image.png

          For other detailed operation, please see Identity and Access Management.

          Previous
          Tag Management
          Next
          Access Log