Baidu AI Cloud
Identity and Access Management

Product Lines Currently Supported

As the Identity and Access Management service of Baidu AI Cloud, IAM centrally manages permissions for the products and services on the cloud platform. A cloud service must first be connected to IAM before permission control inside that product is possible. This page lists the cloud products that have been connected to IAM, the permission granularity each supports, and the related documentation. IAM currently provides two kinds of service to the cloud product lines:

• Identity and Access Management (IAM): identity, authorization and authentication for the master account and its IAM users;
• Security Token Service (STS): the temporary-identity (temporary credential) service that IAM provides for products and services.

          Platform Module Permission

Platform policies describe the general service modules of the Baidu AI Cloud platform, including but not limited to the system administrator, operations, read-only, finance, ticket and certificate management modules. Platform policies are IAM system policies.

| Permission name | Policy description | Related file |
|---|---|---|
| System administrator | Manage all resources of Baidu AI Cloud | - |
| System operations | Operations-class access to all product lines | - |
| System read-only | Read-only-class access to all product lines | - |
| Finance | View, pay for and cancel orders | - |
| Certificate management | Read-only and operations permission on certificates | Certificate Management |
| Ticket | Create, view, reply to and delete tickets | - |

Products and Services Connected to IAM

This section lists the products and services that have been connected to IAM and STS. The columns of the tables below mean the following:

• Product name: the Chinese and English abbreviation of the Baidu AI Cloud product or service;
• Permission granularity: service level or resource level. Service level means the cloud product is authorized as a whole; resource level means individual instances under the product, such as a single BCC server, can be authorized precisely;
• System operation permissions supported: the system policies supported for the product at service-level granularity;
• Security Token Service (STS): "✅" means supported; "-" means not supported;
• Label authorization: filter the permissions and resources to be authorized by the selected labels; "✅" means supported; "-" means not supported;
• Related file: a link means the product has a permission guide of its own; "-" means none yet.
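The difference between service-level and resource-level granularity matters for least privilege: a service-level grant covers every instance of a product, while a resource-level grant can be narrowed to named instances, and a product that the tables below list as service level only cannot be narrowed at all. The following is an added illustration, not Baidu AI Cloud code: a minimal authorization check for the two granularities, plus a lint that flags resource-level statements written against products this page lists as service level only. The statement fields (service, resource, permission, effect), the deny-by-default semantics and the lower-case product codes are assumptions for illustration, not the exact IAM policy schema.

```python
# Added example (not Baidu AI Cloud code): service-level vs resource-level grants.
# Statement fields, decision semantics and product codes are assumptions.
from dataclasses import dataclass, field
from typing import List, Set

# Product codes the tables on this page list with service-level granularity
# only (assumed lower-case codes; the tables are the source of the list).
SERVICE_LEVEL_ONLY = {
    "cfc", "eip_bp", "et", "bid", "adas", "bec",
    "lss", "vod", "mct", "vcr", "hme", "bcd", "sms",
}


@dataclass
class Statement:
    service: str                       # product code, e.g. "bcc"
    permission: Set[str]               # e.g. {"READ"}, {"OPERATE"}, {"FULL_CONTROL"}
    resource: List[str] = field(default_factory=lambda: ["*"])  # ["*"] = whole service
    effect: str = "Allow"              # "Allow" or "Deny"

    def is_service_level(self) -> bool:
        # A wildcard resource list authorizes the product as a whole.
        return self.resource == ["*"]

    def matches(self, service: str, instance: str, action: str) -> bool:
        if self.service != service or action not in self.permission:
            return False
        # Service-level statements cover every instance; resource-level
        # statements cover only the instances they name.
        return self.is_service_level() or instance in self.resource


def is_allowed(policy: List[Statement], service: str, instance: str, action: str) -> bool:
    """Deny by default; an explicit Deny wins over any Allow (assumed semantics)."""
    allowed = False
    for st in policy:
        if st.matches(service, instance, action):
            if st.effect == "Deny":
                return False
            allowed = True
    return allowed


def granularity_problems(policy: List[Statement]) -> List[str]:
    """Flag statements that name instances of a product that only supports
    service-level authorization; such a statement cannot narrow the grant."""
    problems = []
    for st in policy:
        if st.service in SERVICE_LEVEL_ONLY and not st.is_service_level():
            problems.append(f"{st.service}: resource-level grant {st.resource} "
                            "is not supported, product is service level only")
    return problems


# Constructed policies for the two granularities described above.
SERVICE_LEVEL = [Statement("bcc", {"READ"})]                            # all BCC instances
RESOURCE_LEVEL = [Statement("bcc", {"READ", "OPERATE"}, ["i-abc123"])]  # one BCC instance
MISMATCHED = [Statement("cfc", {"READ"}, ["func-1"])]                   # CFC is service level only

if __name__ == "__main__":
    print(is_allowed(SERVICE_LEVEL, "bcc", "i-any", "READ"))       # True
    print(is_allowed(RESOURCE_LEVEL, "bcc", "i-other", "READ"))    # False
    print(granularity_problems(MISMATCHED))                         # one finding
```

Run `granularity_problems` over a policy before applying it: a statement that names instances of a service-level-only product looks scoped but is not, so the reviewer should either accept the whole-product grant knowingly or move the workload to a product with resource-level support.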

Compute

| Product name | Permission granularity | System operation permissions supported | STS | Label authorization | Related file |
|---|---|---|---|---|---|
| Baidu Cloud Compute (BCC) | Resource level | Read-only, operations, management | | | BCC |
| Dedicated Cloud Compute (DCC) | Resource level | Read-only, operations, management | - | | |
| Baidu Baremetal Compute (BBC) | Resource level | Read-only, operations | - | - | |
| Cloud Container Engine (CCE) | Resource level | Development, operations, management | - | | CCE |
| Cloud Function Compute (CFC) | Service level | Read-only, management | - | - | - |

          Network

| Product name | Permission granularity | System operation permissions supported | STS | Label authorization | Related file |
|---|---|---|---|---|---|
| Elastic IP (EIP) | Resource level | Read-only, operations, management | | | EIP |
| Shared Bandwidth (EIPGROUP) | Resource level | Read-only, operations, management | - | | EIPGROUP |
| EIP Bandwidth Package (EIP_BP) | Service level | Read-only, operations, management | - | - | EIP_BP |
| Baidu Load Balance (BLB) | Resource level | Read-only, operations, management | | | BLB |
| Virtual Private Cloud (VPC) | Resource level | Read-only, operations, management | | | NETWORK |
| Subnet | Resource level | Read-only, operations, management | - | | Subnet |
| SecurityGroup | Resource level | Read-only, operations, management | | | SecurityGroup |
| Access Control List (ACL) | Resource level | Read-only, operations | - | | ACL |
| Route | Resource level | Read-only, operations | - | | Route |
| Express Tunnel gateway | Resource level | Read-only, operations, management | - | | Express Tunnel gateway |
| VPN gateway | Resource level | Read-only, operations, management | - | | VPN Gateway |
| NAT gateway | Resource level | Read-only, operations, management | - | | NAT Gateway |
| IPv6 public network gateway | Resource level | Read-only, operations, management | - | - | IPv6 |
| Peer connection (PEERCONN) | Resource level | Read-only, operations, management | - | | Peer Connection |
| Express Tunnel (ET) | Service level | Read-only, operations, management | - | - | Express Tunnel ET |

          Security and Management

| Product name | Permission granularity | System operation permissions supported | STS | Label authorization | Related file |
|---|---|---|---|---|---|
| Intrusion Detection System (IDS) | Resource level | Read-only, operations | - | - | - |
| Web Application Firewall (WAF) | Resource level | Read-only, operations | - | - | |
| Hosteye Security Agent (HOSTEYE) | Resource level | Read-only, operations, management | - | - | - |
| Baidu Intelligent Detection (BID) | Service level | Management | - | | |
| Anti-DDoS Service (ADAS) | Service level | Read-only, operations, management | - | - | |
| Security Risk Detection (SRD) | Resource level | Read-only, operations, management | - | | SRD |

          Storage and CDN

| Product name | Permission granularity | System operation permissions supported | STS | Label authorization | Related file |
|---|---|---|---|---|---|
| Baidu Object Storage (BOS) | Resource level | Read-only, management | | | BOS |
| Cloud Disk Storage (CDS) | Resource level | Read-only, operations, management | - | | |
| Content Delivery Network (CDN) | Resource level | Read-only, operations, management | | | CDN |
| Cloud File Storage (CFS) | Resource level | Read-only, operations, management | - | - | CFS |
| Baidu Edge Computing (BEC) | Service level | Read-only, operations, management | - | - | - |

          Data Analysis

| Product name | Permission granularity | System operation permissions supported | STS | Label authorization | Related file |
|---|---|---|---|---|---|
| Baidu MapReduce (BMR) | Resource level | - | - | | BMR |
| Baidu Elasticsearch (BES) | Resource level | Read-only, operations, management | - | | BES |
| Baidu Message Service (BMS) | Resource level | Read-only, operations, management | - | - | BMS |
| Baidu Data Factory (PINGO) | Resource level | - | - | - | PINGO |
| Baidu Log Service (BLS) | Resource level | Read-only, operations, management | - | - | BLS |

          Database

| Product name | Permission granularity | System operation permissions supported | STS | Label authorization | Related file |
|---|---|---|---|---|---|
| Relational Database Service (RDS) | Resource level | Read-only, operations, management | | | RDS |
| Simple Cache Service (SCS) | Resource level | Read-only, operations, management | | | SCS |
| Document database (MongoDB) | Resource level | Read-only, operations, management | - | - | MongoDB |

Intelligent Multimedia Service

| Product name | Permission granularity | System operation permissions supported | STS | Label authorization | Related file |
|---|---|---|---|---|---|
| Live Streaming Service (LSS) | Service level | Read-only, management | - | - | |
| Video On Demand (VOD) | Service level | Management | - | - | |
| Multimedia Cloud Transcoding (MCT) | Service level | Read-only, management | - | - | |
| AI Media Content Regulation (VCR) | Service level | Read-only, management | - | - | |

          IoT Service

| Product name | Permission granularity | System operation permissions supported | STS | Label authorization | Related file |
|---|---|---|---|---|---|
| Cloud secret AI Customer Service (CVCA) | Resource level | - | - | - | - |
| Time Series Database (TSDB) | Resource level | - | - | | TSDB |
| Rule Engine | Resource level | - | - | - | Rule Engine |

          Website Service

| Product name | Permission granularity | System operation permissions supported | STS | Label authorization | Related file |
|---|---|---|---|---|---|
| Hosteye Management Service (HME) | Service level | Read-only, management | - | - | - |
| Baidu Cloud Domain Service (BCD) | Service level | Read-only, operations, management | - | - | |

          Application Service

| Product name | Permission granularity | System operation permissions supported | STS | Label authorization | Related file |
|---|---|---|---|---|---|
| Simple Message Service (SMS) | Service level | Read-only, management | - | - | |