
          Security Risk Detection

          Identity and Access Management

          Introduction

          Identity and Access Management (IAM) helps users manage access rights to the resources under a cloud account. It suits enterprises with different roles: different workers can be given different privileges to use the product. It is recommended that you use identity and access management.

          Suitable for the following usage scenarios:

          • Modify the Redis instance parameter values: Authorized management of multiple employees in the company.
          • Technical vendors or SaaS vendors: Resource and authority management for agency clients.
          • Small and medium developers or small businesses: Add project members or collaborators for resource management.

          Create User

          1. After the master account user logs in, select "Identity and Access Management" on the console to enter the user management page.
          2. Click "User Management" on the navigation bar, and click "Create User" on the "Sub User Management List" page.
          3. In the pop-up "Create User" dialog box, fill in the "User Name" and confirm, and return to the "Sub User Management List" region to view the newly created sub user.

          Configure Policy

          SRD supports system policies and custom policies, which control BLB with product-level privileges and instance-level privileges, respectively.

          • System policy: A set of privileges predefined by the Baidu AI Cloud system to manage resources. System policies can be granted directly to sub-users. Users can only use them and cannot modify them.
          • Custom policy: A more detailed set of privileges that users create themselves to manage resources. Custom policies can be configured for a single instance, so the account can manage differentiated privileges for different users more flexibly.

          System Policy

          System policies include read-only privileges, operation and maintenance privileges, and management privileges. The privileges are detailed as follows:

          | Policy name | Privilege description | Scope of privilege |
          |---|---|---|
          | SRDReadPolicy | Read-only access to SRD | View the list of detected EIP instances, and view the details of test results |
          | SRDWritePolicy | Operation and maintenance of SRD | View the list of detected EIP instances, view the details of the detection results, and initiate a re-detection of the EIP instances |
          | SRDFullControlPolicy | Full control over privileges to manage Baidu AI Cloud Security Risk Detection | View the list of detected EIP instances, view the details of the detection results, and initiate a re-detection of the EIP instances |

          Custom Policy

          Custom policies authorize from the instance dimension. Unlike system policies, they only take effect on the selected instances. The sub-user enters [Policy Management] through the left navigation bar and clicks "Create Policy", then fills in the policy name and selects BLB as the service type. The policy generation method defaults to the policy generator and does not need to be modified. The details of custom privileges are as follows:

          | Privilege description | Scope of privilege |
          |---|---|
          | Read only | View the list of detected EIP instances, and view the details of test results |
          | Operation and maintenance | View the list of detected EIP instances, view the details of the detection results, and initiate a re-detection of the EIP instances |
          | Management | View the list of detected EIP instances, view the details of the detection results, and initiate a re-detection of the EIP instances |

          User Authorization

          On the "User Management > Sub-User Management List" page, select "Add privilege" in the "Action" column of the corresponding sub-user, then select a system policy or a custom policy to authorize the user.

          Note: To modify the privileges of a sub-user, you can only delete the existing policy and add a new policy; the rules of an existing policy cannot be modified. You cannot uncheck policy privileges that have already been added.
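
An access review built on the System Policy table and the delete-then-add rule in the note above, as an added example (not Baidu AI Cloud code and not an IAM API). The action labels, sub-user names and duty lists are constructed for illustration; the three policy names and their scopes are taken from the table.

```python
# System-policy scopes transcribed from the table above. The action labels
# are made up for this example; they are not Baidu AI Cloud identifiers.
POLICY_SCOPE = {
    "SRDReadPolicy": {"list_eips", "view_results"},
    "SRDWritePolicy": {"list_eips", "view_results", "redetect"},
    "SRDFullControlPolicy": {"list_eips", "view_results", "redetect"},
}
# Tried in this order, so equal scopes resolve to the earlier policy.
PREFERENCE = ["SRDReadPolicy", "SRDWritePolicy", "SRDFullControlPolicy"]

def least_privilege(needed):
    """Return the first policy in PREFERENCE whose scope covers `needed`."""
    for name in PREFERENCE:
        if needed <= POLICY_SCOPE[name]:
            return name
    raise ValueError(f"no system policy covers {sorted(needed)}")

def review(assignments, duties):
    """Plan policy changes for sub-users holding more than their duties need.

    An attached policy cannot be edited or unchecked, so every change is
    expressed as whole policies to delete and whole policies to add.
    """
    plan = {}
    for user, attached in assignments.items():
        target = least_privilege(duties[user])
        if set(attached) == {target}:
            continue  # already exactly the minimal policy
        granted = set().union(*(POLICY_SCOPE[p] for p in attached))
        plan[user] = {
            "delete": sorted(p for p in attached if p != target),
            "add": [] if target in attached else [target],
            "excess": sorted(granted - duties[user]),
        }
    return plan

# Constructed sample data: sub-user names, attachments and duties are invented.
ASSIGNMENTS = {"auditor": ["SRDFullControlPolicy"], "oncall": ["SRDWritePolicy"],
               "viewer": ["SRDReadPolicy", "SRDWritePolicy"]}
DUTIES = {"auditor": {"list_eips", "view_results"},
          "oncall": {"list_eips", "view_results", "redetect"},
          "viewer": {"list_eips", "view_results"}}

if __name__ == "__main__":
    for user, change in review(ASSIGNMENTS, DUTIES).items():
        print(user, change)
```

The resulting plan is carried out by hand in the console: delete the listed policies for the sub-user, then add the replacement.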

          Sub-user Login

          After the master account authorizes the sub-user, it can send the IAM user login link to the sub-user. Through that link, the sub-user logs in to the management console of the master account and operates and views the master account's resources according to the authorized policy. For other detailed operations, please see Identity and Access Management.
