Managing ModelArts Authorization

This section describes how to manage agency authorization by calling ModelArts APIs.

Overview

The process of managing ModelArts authorization is as follows:

  1. , which will be added in a request header for authentication.

  2. Call the API for creating a ModelArts agency to create an agency for ModelArts-dependent services, such as OBS and SWR.

  3. Call the API for configuring authorization to configure ModelArts authorization. The administrator can use this API to set an agency for IAM users and set the access key of the current user.

    Note

    ModelArts functions, such as data management, training management, development environment, and real-time services, can be used only after being authorized.

  4. Call the API for obtaining the authorization list to view the authorization.

  5. Call the API for deleting authorization to delete the authorization of a specified user or all users.

Prerequisites

Procedure

  1. Call the API for creating a ModelArts agency to create an agency for ModelArts-dependent services, such as OBS, SWR, and IEF.

    1. Request body:

      URI: POST https://{endpoint}/v2/{project_id}/agency

      Request header:

      • X-auth-Token →MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...

      • Content-Type →application/json

      Request body:

      {
        "agency_name_suffix" : "iam-user01"
      }
      

      Set the italic parameters based on site requirements.

      • endpoint: ModelArts endpoint

      • project_id: Your project ID

      • X-auth-Token: Token obtained in the previous step

      • agency_name_suffix: Customized suffix of the agency name

    2. Response body with status code 200 OK returned (indicating that ma_agency_iam-user01 has been created):

      {
          "agency_name": "ma_agency_iam-user01"
      }
      
  2. Call the API for configuring authorization to configure ModelArts authorization. The administrator can use this API to set an agency for IAM users and set the access key of the current user.

    1. Request body:

      URI: POST https://{endpoint}/v2/{project_id}/authorizations

      Request header:

      • X-auth-Token →MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...

      • Content-Type →application/json

      Request body:

      {
        "user_id": "****af917080f5d21f55c018ba19****",
        "type": "agency",
        "content": "ma_agency_iam-user01"
      }
      

      Set the italic parameters based on site requirements. Set user_id to the IAM user ID and content to the ModelArts agency created in the previous step.

    2. Response body with status code 200 OK returned (indicating that the authorization configuration is complete):

      {
          "result": true
      }
      
  3. Call the API for obtaining the authorization list to view the authorization.

    1. Request body:

      URI: GET https://{endpoint}/v2/{project_id}/authorizations

      Request header: X-auth-Token →MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...

      Set the italic parameters based on site requirements.

    2. Response body with status code 200 OK returned:

      {
        "auth": [
          {
            "create_time": 1622804433221,
            "user_id": "all-users",
            "user_name": "all-users",
            "type": "agency",
            "content": "modelarts_agency"
          },
          {
            "create_time": 1625457065365,
            "user_id": "****af917080f5d21f55c018ba19****",
            "user_name": null,
            "type": "agency",
            "content": "ma_agency_iam-user01"
          }
        ],
        "total_count": 2
      }
      

      Obtain the authorization information based on the response.

  4. Call the API for deleting authorization to delete the authorization of a specified user or all users.

    1. Request body:

      URI: DELETE https://{endpoint}/v2/{project_id}/authorizations?user_id=****d80fb058844ae8b82aa66d9fe****

      Request header: X-auth-Token →MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...

      Set the italic parameters based on site requirements. Set ****d80fb058844ae8b82aa66d9fe**** to the IAM user ID of the specified user.

    2. Response body with status code 200 OK returned (indicating that the authorization has been deleted):

      {
          "result": true
      }
      
    3. If **user_id** is set to **all-users**, the authorization of all IAM users will be deleted. Response body with status code 200 OK returned (indicating that the authorization has been deleted):

      {
          "result": true,
          "success_message": "Delete all-users auth info successfully!"
      }