Help Center> Cloud Container Instance (CCI)> User Guide> Permissions Management> Creating a User and Granting CCI Permissions
View PDF

Creating a User and Granting CCI Permissions

This chapter describes how to use IAM to implement fine-grained permissions control for your Cloud Container Instance (CCI) resources. With IAM, you can:

  • Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing CCI resources.
  • Grant only the permissions required for users to perform a specific task.
  • Entrust a HUAWEI CLOUD account or cloud service to perform efficient O&M on your CCI resources.

If your HUAWEI CLOUD account does not require individual IAM users, skip this section.

This section describes the procedure for granting permissions (see Figure 1).

Prerequisites

Learn about the permissions (see Permissions Management) supported by CCI. For the system-defined policies of other services, see Permissions Policies.

Process Flow

Figure 1 Process of granting CCI permissions
  1. Create a user group and assign permissions to it.

    Create a user group (for example, Developers) on the IAM console, and assign the CCI CommonOperations policy to the group. CCI is a project-level service. When assigning CCI system-defined policies to users, you also need to assign the IAM ReadOnlyAccess policy to the users.

  2. Create an IAM user.

    Create a user (for example, James) on the IAM console and add the user to the group created in 1.

  3. Log in and verify permissions.

    Log in to the CCI console with the credentials of the user created in 2, and verify that the user has the granted permissions.

    • Choose Service List > Cloud Container Instance. In the navigation pane on the left, choose Workloads > Deployments. On the page displayed, click Create Deployment. If the Deployment is created successfully, the CCI CommonOperations policy has taken effect.
    • Choose Service List > Cloud Container Instance. In the navigation pane on the left, choose Namespaces. On the page displayed, click Create for the target namespace type. If the namespace cannot be created, the CCI CommonOperations policy has taken effect.
Parent topic: Permissions Management