百舸提供了对接资源池和资源队列 RBAC的授权模式,便于对子用户进行细粒度的访问权限控制。本文介绍如何为子用户配置RBAC权限,实现对百舸资源池和资源队列的权限控制。
\n百舸AI计算平台对RBAC 权限管理声明如下:
\n禁止未完成RBAC权限授予的子用户访问资源池资源,请及时联系主账号完成RBAC授权,以免带来生产上的不便。
\n只有如下账号/用户/角色,才能配置百舸的 RBAC 权限:
\n百舸内置了三种级别的RBAC权限,如下所示:
\n| 角色名称 | \n角色说明 | \n依赖成员具备的IAM系统策略 | \n权限范围 | \n
|---|---|---|---|
| 资源池管理员 | \n运维管理资源池和队列的权限(不能创建/删除资源池和节点) | \nAIHCResourceOperatorPolicy | \n资源池全局配置 查看资源池监控/工作负载/资源报表/变更记录等详情信息 关联绑定相关依赖产品(Cprom、PFS、子网等) 封锁资源池节点 创建队列 删除队列 编辑队列(调度策略、队列状态等) 管理队列(添加节点/移出节点/转让节点/封锁节点) 资源池成员管理(添加/移出资源池管理员) 队列成员管理(添加/移出队列管理员/队列算法开发成员) | \n
| 队列管理员 | \n具备队列的管理权限以及添加队列成员(不支持创建/删除队列,不支持修改队列的配额) | \nAIHCDevelopPolicy | \n查看队列详情/队列资源视图/队列节点列表/工作负载/队列成员/队列监控 使用队列的资源,在指定的队列进行算法开发(管理开发机、分布式训练以及推理服务等) | \n
| 队列内算法开发成员 | \n具备在本队列内开发的权限,支持在队列内创建开发机、提交训练任务和部署推理服务 | \nAIHCDevelopPolicy | \n使用队列的资源,在指定的队列进行算法开发(管理开发机、分布式训练以及推理服务等) | \n
\n\n需要同时配置IAM系统策略和百舸内部角色,权限才能生效。如需要设置用户A为资源池1的管理员,则首先需要在IAM系统中授予用户A
\nAIHCResourceOperatorPolicy系统策略,然后在资源池1中为用户A分配资源池管理员的角色.
操作步骤
\n具体操作流程详情见文档
","fields":{"slug":"Cmotjbzvi","title":"配置预置RBAC权限策略","date":"2026-05-06","extractedHeadings":[]},"headings":[{"value":"声明","depth":2},{"value":"授权说明","depth":2},{"value":"前提条件","depth":2},{"value":"权限说明","depth":2},{"value":"配置IAM用户的RBAC授权","depth":2}]}},"pageContext":{"isCreatedByStatefulCreatePages":false,"slug":"Cmotjbzvi","prev":{"id":"7motign9d","name":"配置IAM预置权限策略","path":"7motign9d","filePath":"操作指南/权限管理/配置IAM预置权限策略.md","seo":null,"parentIds":["ilib2qygp","Cm5zi8b8e"],"parents":[{"id":"ilib2qygp","documentId":"bfa43a8b-968a-41a1-8c9d-906507eeaed9","name":"操作指南","repoName":"AIHC","filePath":"操作指南","disabled":false,"path":"ilib2qygp","lastMergeTime":null,"isApiDoc":null,"httpMethod":null,"seo":null,"sourceOrgName":null,"sourceRepoName":null,"sourceDocumentId":null},{"id":"Cm5zi8b8e","documentId":"e67d1395-2f3c-4efe-b715-0fb196dced68","name":"权限管理","repoName":"AIHC","filePath":"操作指南/权限管理","disabled":false,"path":"Cm5zi8b8e","lastMergeTime":"2025-01-16 23:47:39","isApiDoc":null,"httpMethod":null,"seo":{"title":null,"keywords":null,"description":null,"serviceType":null},"sourceOrgName":null,"sourceRepoName":null,"sourceDocumentId":null}]},"next":{"id":"Emmk9ygy0","name":"预留实例劵","path":"Emmk9ygy0","filePath":"操作指南/预留实例劵/预留实例券概述.md","seo":{"title":"","keywords":"","description":"","serviceType":null},"parentIds":["ilib2qygp","Mmmk9w93m"],"parents":[{"id":"ilib2qygp","documentId":"bfa43a8b-968a-41a1-8c9d-906507eeaed9","name":"操作指南","repoName":"AIHC","filePath":"操作指南","disabled":false,"path":"ilib2qygp","lastMergeTime":null,"isApiDoc":null,"httpMethod":null,"seo":null,"sourceOrgName":null,"sourceRepoName":null,"sourceDocumentId":null},{"id":"Mmmk9w93m","documentId":"01fd593b-24ce-46fb-941c-b26a7f40edd5","name":"预留实例劵","repoName":"AIHC","filePath":"操作指南/预留实例劵","disabled":false,"path":"Mmmk9w93m","lastMergeTime":null,"isApiDoc":null,"httpMethod":null,"seo":null,"sourceOrgName":null,"sourceRepoName":null,"sourceDocumentId":""}]},"parents":[{"id":"ilib2qygp","documentId":"bfa43a8b-968a-41a1-8c9d-906507eeaed9","name":"操作指南","repoName":"AIHC","filePath":"操作指南","disabled":false,"path":"ilib2qygp","lastMergeTime":null,"isApiDoc":null,"httpMethod":null,"seo":null,"sourceOrgName":null,"sourceRepoName":null,"sourceDocumentId":null},{"id":"Cm5zi8b8e","documentId":"e67d1395-2f3c-4efe-b715-0fb196dced68","name":"权限管理","repoName":"AIHC","filePath":"操作指南/权限管理","disabled":false,"path":"Cm5zi8b8e","lastMergeTime":"2025-01-16 23:47:39","isApiDoc":null,"httpMethod":null,"seo":{"title":null,"keywords":null,"description":null,"serviceType":null},"sourceOrgName":null,"sourceRepoName":null,"sourceDocumentId":null}],"specificSeo":null}}}