Roles represent the initial coarse-grained authorization mechanism provided by IAM, defining permissions based on users' job functions. This mechanism operates at the service level, offering a limited set of service-related roles for authorization.
Due to business dependencies between eSurfing Cloud services, when assigning a role to a user group, any dependent roles must also be granted to ensure proper permission enforcement. For details, refer to User Groups & Authorization > Authorization Method for Dependent Roles.
Role Content
When selecting a role for a user group, click the icon in front of the role to view its details. The following uses the DAS Administrator role as an example to explain the content of role-based permissions.
Parameter Description
Table Parameter Description
| Parameters | Definition | Value |
| --- | --- | --- |
| Version | Role version | 1.0: Role-Based Access Control. |
| Statement: Action | Authorization item: operation permissions | The format is: Service name: Resource type: Operation. "DAS" is the service name. "DAS" is the resource type. "*" is a wildcard, representing all possible operations on the DAS resource type. |
| Statement: Effect | Determines whether the operation permissions in the Action are allowed to be executed. | |
| Depends: catalog | Service of the dependent role | Service name. For example, BASE, VPC. |
| Depends: display_name | Dependent role name | Role name |
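
The dependent-role requirement and the fields in the parameter table can be checked together before a role is assigned to a user group. The following is an added example, not eSurfing Cloud code or output: it parses a constructed role document, lists wildcard actions, and reports the dependent roles that the group has not been granted. The JSON nesting, the `"Allow"` value, the `"*"` wildcard character, the action string without spaces and the dependent role names are assumptions.

```python
import json

# Constructed sample. Field names (Version, Statement, Action, Effect, Depends,
# catalog, display_name) come from the parameter table; the JSON nesting, the
# "Allow" value, the unspaced "DAS:DAS:*" form and the role names are assumptions.
DAS_ADMIN = json.loads("""
{
  "Version": "1.0",
  "Statement": [{"Action": ["DAS:DAS:*"], "Effect": "Allow"}],
  "Depends": [
    {"catalog": "BASE", "display_name": "Example Base Role"},
    {"catalog": "VPC", "display_name": "Example VPC Role"}
  ]
}
""")


def parse_action(action):
    """Split 'Service name:Resource type:Operation' into its three parts."""
    parts = action.split(":")
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"malformed action: {action!r}")
    return tuple(parts)


def wildcard_actions(role):
    """Return every action whose operation part is the '*' wildcard."""
    found = []
    for statement in role.get("Statement", []):
        for action in statement.get("Action", []):
            if parse_action(action)[2] == "*":
                found.append(action)
    return found


def missing_dependencies(role, granted):
    """Return (catalog, display_name) pairs from Depends absent from `granted`."""
    needed = [(d["catalog"], d["display_name"]) for d in role.get("Depends", [])]
    return [dep for dep in needed if dep not in granted]


if __name__ == "__main__":
    # Roles already granted to the user group (constructed).
    granted = {("BASE", "Example Base Role")}
    print("wildcard actions:", wildcard_actions(DAS_ADMIN))
    print("missing dependent roles:", missing_dependencies(DAS_ADMIN, granted))
```
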