If you need to set different access permissions for employees in your organization to the YI-MapReduce service resources that have already been created, to achieve permission isolation among different employees, you can use the Identity and Access Management (IAM), role management, and user permissions for fine-grained permission management. The IAM service provides user identity authentication. The role management service allocates menu permissions for different roles. The user permission service assigns different roles to different IAM users, providing cluster access control. These features can help you securely control resource access.
If your existing account meets your requirements and there is no need to create separate IAM users for permission management, you can skip this section. It will not affect your use of other YI-MapReduce service functions.
YI-MapReduce Permission Description
By default, IAM users created by the administrator do not have any permissions. They need to be assigned actual roles to obtain corresponding permissions. This process is known as authorization. After authorization, users can operate cloud services based on the granted permissions.
Role management defines menu permission roles, which apply to all clusters; while user permissions define different roles for different IAM users, which apply to a single cluster. Therefore, role management is conducted under the administrator account, while user permissions are operated within a single cluster.
Role Management: As shown below, it includes all menu functions of YI-MapReduce. You can assign different menu functions to different roles based on personal needs.
User Permissions: As shown below, users can add access permissions for different users for a specific cluster. Users can be added individually or in batches.
