Creating a User and Granting Permissions
This topic describes how to use IAM to implement fine-grained permissions control for your Cloud Eye resources. With IAM, you can:
- Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing Cloud Eye resources.
- Grant only the permissions required for users to perform a special task.
- Entrust a HUAWEI CLOUD account or cloud service to perform efficient O&M on your Cloud Eye resources.
If your HUAWEI CLOUD account does not require individual IAM users, skip this topic.
This topic describes the procedure for granting permissions (see Figure 1).
Prerequisites
- Learn about the system policies supported by Cloud Eye (see System-defined policy summary) and choose policies according to your requirements. For the permissions of other services, see System Permissions.
- Create a user group and assign permissions to it.
Create a user group on the IAM console, and attach the CES Administrator, Tenant Guest, and Server Administrator policies to the group.
- Cloud Eye is a region-specific service and must be deployed in specific physical regions. Cloud Eye permissions can be assigned and take effect only in specific regions. If you want a permission to take effect for all regions, assign it in all these regions. The global permission does not take effect.
- To grant more refined Cloud Eye permissions to user groups, see System-defined policy summary.
- Create an IAM user.
Create a user on the IAM console and add the user to the group created in 1.
- Log in and verify permissions.
Log in to the Cloud Eye console as the created user, and verify that the user only has the CES Administrator permissions.
Last Article: Permissions Management
Next Article: Cloud Eye Custom Policies
Did this article solve your problem?
Thank you for your score!Your feedback would help us improve the website.