As the Identity and Access Management service of Baidu AI Cloud, IAM provides the feature to centrally manage the product and service permission on the cloud platform. The corresponding cloud services need to be connected to IAM, so as to realize the permission control within the product. This file describes the cloud products that have been connected to IAM services in detail, the granularity of permissions supported, relevant usage files, etc. Currently, IAM provides two main types of services for the cloud product line:
The Identity and Access Management (IAM) mainly addresses the problems such as the identity, authorization and authentication and other issues of the master and IAM users;
Security Token Service (STS), the temporary identity management services that IAM provides for the products or services.
Platform Module Permission
The platform policy mainly describes the policy of the general service module of Baidu AI Cloud platform, including but not limited to the system-level administrator, operations, read-only, finance, ticket, certificate management and other service modules, and the platform policy belongs to system policy of IAM.
Permission name
Policy description
Related file
Permission of system administrator
Have the permission to manage all the resources of Baidu AI Cloud
-
Permission of system Operations
Including access to all product lines of authentication Operations
-
Read-only permission of the system
Including access to all product lines of authentication read-only class
-
Financial permission
Have the permission to view, pay and cancel the order
-
Certificate management
Support the read-only, operations permission of the certificate
Create, view, reply and delete the permission of ticket
-
Product Service Description that has accessed to IAM
This section describes the product and services that have accessed to IAM and STS, and the meaning of the fields in the table below are explained as follows:
Product name: The Chinese and English abbreviation of the products and services of Baidu AI Cloud;
Permission granularity: It includes the service level and resource level, among which the service level means that the cloud product is authorized as a whole, and the resource level means to authorize the instance under the cloud product precisely, such as a BCC server;
The system supports operation permission: Under the service-level permission granularity, the system policy supported by the cloud product;
Label authorization: Filter the permission and resources you need to authorize according to the labels selected, "✅" indicates support; "-" indicates non-support;
Relevant file: A link means that the current product has been associated with the readme text of corresponding permission, and "-" indicates none temporarily.
