Identity and Access Management
Introduction
Identity and Access Management (IAM) helps users manage access privileges to the resources under their cloud accounts. It applies to different enterprise roles and lets you grant employees different privileges for using products. Use IAM when several users in your enterprise operate on resources collaboratively.
IAM applies to the following scenarios:
- Medium and large enterprise customers: manage authorization for multiple employees in the company;
- Technology-based vendors or SaaS platform providers: manage the resources and access control of proxy clients;
- Small and medium developers or small enterprises: add project members or collaborators to manage resources.
Create User
- Log in with the primary account, then select Identity and Access Management in the console to open the user administration page.
- Click User Administration in the left navigation bar, and click Create Sub-user on the Sub-User Administration List page.
- In the Create Sub-user dialog box that pops up, enter and confirm the User Name, then return to the Sub-User Administration List to view the sub-user you created.
Configuration Policy
TSDB supports only user-defined custom policies: users create their own privilege sets. Privileges can be configured for a single resource, so different users can be flexibly granted differentiated access.
In Identity and Access Management, click Policy Management in the left navigation bar, then click Create Policy.
Choose to create the policy with the Policy Generator.
Enter the policy name, click Privilege Configuration, select Time Series Database TSDB as the service type, and then set the required operation privileges.
Details of the scope of custom privilege are as follows:
Privilege Name | Privilege Content |
---|---|
Database View | View database basic information; view automatic export settings; view custom queries; view preprocessing rules; view import/export/data cleanup tasks; view metrics; view tags; view monitoring charts |
Database Management | Modify database description; modify automatic export settings; create or delete custom queries; create, delete or modify preprocessing rules; cancel import/export/data cleanup tasks |
Data Query | Query data points; create data export tasks |
Data Modification | Write data points; create data cleanup tasks (delete data points); create data import tasks |
User Authorization
On the User Administration > Sub-User Administration List page, select Add privilege in the Operation column of the corresponding sub-user, then select and authorize the system privileges or custom policies for that user.
Note: To change a sub-user's privileges without modifying the existing policy rules, you must delete the existing policies and add new ones; you cannot uncheck the privileges of a policy that has already been added.
Sub-user Login
After the primary account has authorized the sub-user, the primary-account user can send the IAM user login link to the sub-user. The sub-user logs in to the main account's management console through that link and can then operate and view the main account's resources according to the authorized policies.
Message push
- Configure several message-receiving terminals for the same account
  In the Baidu AI Cloud console, select "Identity and Access Management Control > User Management > Message Receiver > Create Message Receiver" and add the user name, mobile number, e-mail, and other information so that the receiver gets the notifications for the account. You can edit the message receiving configuration through the message subscription in message receiver management. A created message receiver can only receive messages and cannot log in to the console.
- The sub-user receives push messages about the master user's resources
  For sub-users that already exist under the master user, edit the receiver through "Message Center > Message Receiving Setting > Receiving Setting" and check the sub-users who should receive push messages.
For other detailed operations, see Identity and Access Management.