tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
Stream Compute Service
    Documentation
    Download PDF

    Space Role Permissions

    Last updated: 2023-11-08 10:16:06
    Download PDF
      Within the framework of the unified Tencent Cloud CAM, Stream Compute Service has its own predefined system for space role permissions ‍to help coordinate between different business departments of your organization. These permissions help you isolate compute resources of different businesses and control at a finer granularity the permissions of different members to view and operate jobs and files.

      Predefined role permissions

      ‍Stream Compute Service provides four predefined space roles:
      1. Super admin: Specified by the root account, a super admin has the highest level of access other than operating the root account and can be shared between different regions.
      2. Space admin: Specified by the root account or a super admin account, a space admin has the permission to add or remove the members in a space.
      3. Developer: Added to a space by a space admin/super admin/root account in the Members ‍module, a developer can operate jobs in the space.
      4. Guest: Added to a space by a space admin/super admin/root account in the Members ‍module, a guest can only view resources in the space.
      The detailed permissions of all predefined roles are as follows:
      Permission
      Super Admin
      Space Admin
      Developer
      Guest
      Create/Terminate cluster
      ✔️
      Modify cluster info
      ✔️
      Renew/Upgrade cluster
      ✔️
      View cluster
      ✔️
      ✔️
      ✔️
      ✔️
      Add/Delete space
      ✔️
      Modify space attribute
      ✔️
      Associate/Disassociate cluster with/from space
      ✔️
      Add/Delete space member
      ✔️
      ✔️
      Modify space member role
      ✔️
      ✔️
      Edit super admin
      ✔️
      Create/Delete job
      ✔️
      ✔️
      ✔️
      Run/Stop job
      ✔️
      ✔️
      ✔️
      Develop/Test job
      ✔️
      ✔️
      ✔️
      Monitor alarm
      ✔️
      ✔️
      ✔️
      View job
      ✔️
      ✔️
      ✔️
      ✔️
      Create/Delete dependency
      ✔️
      ✔️
      ✔️
      Edit dependency
      ✔️
      ✔️
      ✔️
      View dependency
      ✔️
      ✔️
      ✔️
      ✔️
      Create/Delete metadatabase
      ✔️
      ✔️
      ✔️
      Create/Delete metadata table
      ✔️
      ✔️
      ✔️
      View metadata
      ✔️
      ✔️
      ✔️
      ✔️
      Operate directory
      ✔️
      ✔️
      ✔️

      Granting predefined role permissions

      Before granting space role permissions, you must have granted the target sub-account the access to Stream Compute Service and associated it with the required CAM policy. For details, see Granting Basic Permissions.
      1. Add a super admin. Log in to the console with the root account or a super admin account, ‍select Role permissions on the left sidebar, and click Edit on the page to add one or more sub-accounts as super admin. A super admin has the highest level of access other than operating the root account and can be shared between different regions.
      Note
      A super admin account can assist the root account in cases where it is inconvenient to use the root account. You can set super admins as needed.
      If you log in with an account other than the root account or a super admin account, the Edit button will not appear.
      2. Create a space with the root account or a super admin account. Log in the console with the root account or a super admin account, select Workspaces on the left sidebar, and click Create workspace on the page.
      Note
      You can create up to 30 workspaces in a region with the same APPID.
      3. Associate a space with compute resources. Log in the console with the root account or a super admin account, select Workspaces on the left sidebar, and click Associate now next to the compute resources field of the workspace created to go to the Compute resources module. Select the cluster to be associated with the space. Till now, the compute resources and the space are associated with each other, and the compute resources will be available when you create a job in the space. To disassociate the space from compute resources, go to the Compute resources module, ‍and click Disassociate space.
      Note
      Space and cluster association limits: A cluster can be used by up to 10 spaces, but there is no limit on the number of clusters a space can use.
      4. Add a sub-account and grant a role in a space. Log in the console with the root account or a super admin account, select Workspaces on the left sidebar, go to the space created, select Members, and click Add member.

      ‍Adding custom role permissions

      1. On the Role permissions page, click Custom role.
      2. Enter the required information and click Save.
      3. Grant the permissions based on rules.
      
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy