DCS Redis is associated with eSurfing Cloud Identity and Access Management (IAM) and can control user access and operations through dimensions like console buttons, menus, and OpenAPIs, so as to achieve fine-grained management of user permissions and ensure access security.
Introduction to IAM
Identity and Access Management (IAM) is a basic service that supports user permission management and can help you securely control access and operation permissions of your cloud services and resources. Currently, eSurfing Cloud provides dedicated CTIAM services, which can be used for free after application. You only need to pay for the cloud services and resources in your account. For more information about IAM, see Identity and Access Management.
Main Concepts in IAM
Master user: This is the account automatically created upon registration on eSurfing Cloud. The user has full access to the resources under the account, and can reset the user password as well as grant user permissions. If multiple people want to use the same eSurfing Cloud resources, it is recommended that you use sub-users for daily management to ensure account security.
Sub-user: This is the account created in User Center by the user with IAM permissions. The username and password of a sub-user are controlled by the user that grants IAM permissions. Sub-users can also log in to the eSurfing Cloud console. The login portal is the same as that of the master user. But the resources they have access to are subject to their permissions granted.
User group: A user group is a collection of users. IAM uses user groups to control user permissions. You must add an IAM user to a specific user group for the IAM user to be granted permissions. Otherwise, the IAM user cannot access any resources or cloud services in your account.
System policy: Maintained by the product team. This involves common permissions preset in the system, mainly for read-only permissions or administrator permissions of multiple cloud services, such as read-only permissions or administrator permissions of ECS. System policies can only be used for authorization in the IAM console and cannot be edited or modified.
Custom Policy: Permission sets that are created and managed by yourself in the IAM console. These permissions can be customized as an extension and supplement to system policies.
Enterprise Project: The foundation for implementing fine-grained permission control in an enterprise. Cloud resources and enterprise members are managed by enterprise projects. User groups with authorization are bound with cloud resources through enterprise projects. Users' permissions to use cloud resources in enterprise projects are subject to the permissions of the user groups.
System Policy
By default, Redis provides three system policies for users to choose from, covering only permissions of features in the management console. Permissions of features out of the management console, such as order placement, must be configured separately. The three default policies are administrator policy (admin), user policy (user), and reviewer policy (reviewer). The permission models of the three policies are as follows:
Function Module | Permission Name | IAM Role | ||
admin | user | reviewer | ||
Instance Management | Billing Mode | Y | Y | Y |
Instance Management | Instance Scaling Down | Y | ||
Instance Management | Cluster Backup | Y | Y | |
Instance Management | Monitoring Query | Y | Y | Y |
Instance Management | Query | Y | Y | Y |
Instance Management | Delete Restore Point | Y | Y | |
Instance Management | Access Cluster Details | Y | Y | Y |
Instance Management | Modify Frontend Configuration | Y | Y | |
Instance Management | Frontend Address | Y | Y | |
Instance Management | Frontend Node More Buttons | Y | Y | Y |
Instance Management | Frontend Node Management | Y | Y | Y |
Instance Management | Frontend Starts | Y | Y | |
Instance Management | Frontend Stops | Y | Y | |
Instance Management | View Frontend Configuration | Y | Y | Y |
Instance Management | Create Account | Y | Y | |
Instance Management | Delete Account | Y | Y | |
Instance Management | Modify Account Remarks | Y | Y | |
Instance Management | Account Management | Y | Y | Y |
Instance Management | Modify Account Permission | Y | Y | |
Instance Management | Reset Account Password | Y | Y | |
Instance Management | Instructions for use of accounts | Y | Y | Y |
Instance Management | Alarm Management | Y | Y | Y |
Instance Management | Alarm Event History | Y | Y | Y |
Instance Management | Notification Group | Y | Y | |
Instance Management | Notification Policy | Y | Y | |
Instance Management | Alarm Rules | Y | Y | |
Instance Management | Alarm Sending History | Y | Y | Y |
Instance Management | Application Management | Y | Y | |
Instance Management | Backup Policy | Y | Y | |
Instance Management | Download Certificate | Y | Y | Y |
Instance Management | Update Certificate | Y | Y | |
Instance Management | Client Session | Y | Y | |
Instance Management | Auto Refresh | Y | Y | Y |
Instance Management | Console Switchover | Y | Y | Y |
Instance Management | Distributed Cache | Y | Y | Y |
Instance Management | Clear Group Data | Y | Y | |
Instance Management | Command Window | Y | Y | |
Instance Management | Delete | Y | Y | |
Instance Management | Query | Y | Y | Y |
Instance Management | Modify | Y | Y | |
Instance Management | Instance Management | Y | Y | Y |
Instance Management | Subscription Cycle Conversion | Y | Y | |
Instance Management | Instance Parameter Settings | Y | Y | |
Instance Management | Frontend Monitoring | Y | Y | Y |
Instance Management | Client Monitoring | Y | Y | Y |
Instance Management | Instance | Y | Y | Y |
Instance Management | One-click detection readonly | Y | Y | Y |
Instance Management | Data Flashback | Y | Y | |
Instance Management | Backup Object Storage | Y | Y | |
Instance Management | Bulk active/standby switchover | Y | Y | |
Instance Management | Redis Cluster Details | Y | Y | Y |
Instance Management | Instance Configuration | Y | Y | |
Instance Management | Strong Consistency Configuration | Y | Y | |
Instance Management | Add New | Y | Y | |
Instance Management | Application Data Management | Y | Y | Y |
Instance Management | Resynchronize Data | Y | Y | |
Instance Management | Running Log | Y | Y | Y |
Instance Management | Clear Instance Data | Y | Y | |
Instance Management | Node Monitoring | Y | Y | Y |
Instance Management | Redis More Buttons | Y | Y | Y |
Instance Management | Redis Cluster Node Management | Y | Y | Y |
Instance Management | One-click Restore Management | Y | Y | Y |
Instance Management | Redis Resource Monitoring | Y | Y | Y |
Instance Management | Clone | Y | Y | |
Instance Management | One-click Restore | Y | Y | |
Instance Management | Slow Query | Y | Y | Y |
Instance Management | Redis Starts | Y | Y | |
Instance Management | Redis Stops | Y | Y | |
Instance Management | Active/Standby Switchover | Y | Y | |
Instance Management | Silent Policy | Y | Y | |
Instance Management | Clear Slow Logs | Y | Y | |
Instance Management | Historical slow query log | Y | Y | Y |
Instance Management | Slow Query Log | Y | Y | Y |
Instance Management | SSL connection description | Y | Y | Y |
Instance Management | SSL Encryption | Y | Y | |
Instance Management | Top-Key Analysis | Y | Y | Y |
Instance Management | Real Time | Y | Y | Y |
Instance Management | Add New Instance Account | Y | Y | |
Instance Management | Instance Account | Y | Y | Y |
Instance Management | Monitoring and Alarms | Y | Y | Y |
Instance Management | Modify Instance Account | Y | Y | |
Instance Management | Command Window | Y | Y | |
Instance Management | Group Management | Y | Y | |
Instance Management | Delete Instance Account new | Y | Y | |
Instance Management | Add New Group | Y | Y | |
Instance Management | Add Account | Y | Y | |
Instance Management | Change Maintenance Time | Y | Y | |
Instance Management | Elastic IP (EIP) | Y | Y | |
Instance Management | Reset Password | Y | Y | |
Instance Management | Corresponding Frontend | Y | Y | |
Instance Management | Query Instance Account | Y | Y | Y |
Instance Management | View Key Details | Y | Y | Y |
Instance Management | Query Key Quantity | Y | Y | Y |
Instance Management | Delete Group | Y | Y | |
Instance Management | Clear Data | Y | Y | |
Instance Management | Renew | Y | ||
Instance Management | Unsubscribe | Y | ||
Instance Management | Add a trustlist group | Y | Y | |
Instance Management | Delete Trustlist | Y | Y | |
Instance Management | Trustlist Settings | Y | Y | |
Instance Management | Modify Instance Configuration | Y | Y | |
Instance Management | Expiration Time | Y | Y | Y |
Instance Management | Scale Up | Y | ||
Instance Management | Modify Trustlist | Y | Y | |
Instance Management | Delete Instance Data | Y | Y | |
Instance Management | Manage | Y | Y | Y |
Instance Management | Add New Instance | Y | ||
Instance Management | Create Instance | Y | ||
Instance Management | Delete Instance | Y | ||
Instance Management | Instance Expansion | Y | ||