Help Center> Enterprise Management> User Guide> Project Management> Permissions> Enterprise Project Permissions

View PDF

Enterprise Project Permissions

Administrator: The administrator can perform any operations on the Enterprise Project Management page.

IAM user: An IAM user's permissions are granted by the administrator. After an IAM user logs in to the Enterprise Project Management page, the IAM user sees only the enterprise projects assigned by the administrator, and can only manage the resources allocated by the administrator. If the administrator assigns a policy for an IAM user, the IAM user has all the permissions included in the policy.

The administrator can use the system-defined policies or custom policies to assign permissions to users. Policies related to enterprise project include EPS FullAccess, EPS ReadOnlyAccess, and EnterpriseProject BSS FullAccess.

The permissions set in IAM are different from those in Enterprise Management. The administrator can select either IAM or Enterprise Management to manage resource permissions based on enterprise requirements. For details about the differences between the two services, see What Are the Differences Between IAM and Enterprise Management?

**Table 1** Description of the Enterprise Management permissions
Service Name	Permission Name	Permission Description	Typically Associated Personnel
Enterprise Management	EPS FullAccess	Administrator permissions for Enterprise Management, including enterprise project and personnel management. For example, creating organizations, migrating resources, adding/removing user groups, and attaching policies to user groups. These permissions can be assigned by the administrator in the Global region on the IAM console. Administrator permissions for a specific enterprise project, including modifying, enabling, disabling, and viewing the enterprise project. These permissions can be assigned by the administrator or an IAM user with EPS FullAccess permissions on the Enterprise Management console.	Enterprise asset administrators
	EPS ReadOnlyAccess	Read-only permissions for a specific or all enterprise projects Read-only permissions for viewing all enterprise projects and user information. These permissions can be assigned by the administrator in the Global region on the IAM console. Read-only permissions for viewing a specific enterprise project. These permissions can be assigned by the administrator or an IAM user with EPS FullAccess permissions on the Enterprise Management console.	Enterprise asset query personnel
	EnterpriseProject BSS FullAccess	Permissions for operations management of enterprise projects. The detailed permissions are as follows: Viewing fund quota settings of enterprise projects Viewing and exporting cost breakdowns of enterprise projects Viewing fund quota adjustment records of enterprise projects Viewing renewals of enterprise projects Enabling or disabling auto-renewal and manual renewal, changing billing mode from pay-per-use to yearly/monthly, and releasing resources Viewing yearly/monthly orders Placing yearly/monthly orders Unsubscribing from resources and viewing resource unsubscription records Viewing expenditure summary of enterprise projects Exporting expenditure summary of enterprise projects Viewing expenditure details of enterprise projects Exporting expenditure details of enterprise projects	Enterprise asset administrators

EPS FullAccess: This policy grants all EPS permissions. The following is the policy content:

{
   "Version": "1.1",
   "Statement": [
      { 
        "Effect": "Allow",        
        "Action": [            
            "eps:enterpriseProjects:update",        //Modify enterprise projects.
            "eps:enterpriseProjects:create",        //Create enterprise projects.
            "eps:enterpriseProjects:enable",        //Enable enterprise projects.
            "eps:enterpriseProjects:disable",       //Disable enterprise projects.
            "eps:resources:list",                   //View the resource list.
            "eps:resources:add",                    //Add resources to an enterprise project.
            "eps:resources:remove",                 //Remove resources from an enterprise project.
            "iam:groups:list",            
            "iam:policies:list",            
            "iam:enterpriseProjectGroups:combine",             
            "iam:enterpriseProjectGroups:listGroups",             
            "iam:enterpriseProjectGroups:listPolicies"         
         ]      
      }   
   ]
      }

EPS ReadOnlyAccess: This policy grants the permissions to view basic information. The following is the policy content:

{   
   "Version": "1.1",   
   "Statement": [      
      {          
        "Effect": "Allow",         
         "Action": [             
            "eps:resources:list",            
            "iam:enterpriseProjectGroups:listGroups",           
            "iam:enterpriseProjectGroups:listPolicies"         
            ]      
      }   
   ]
      }

EnterpriseProject BSS FullAccess: This policy grants all the operations permissions of an enterprise project. The following is the policy content:

{
      "Version": "1.1",
      "Statement": [
            {
                  "Effect": "Allow",
                  "Action": [
                        "bss:enterpriseProjectFundQuota:view",         //View fund quota settings of enterprise projects.
                        "bss:enterpriseProjectCost:view",              //View and export cost breakdowns of enterprise projects.
                        "bss:enterpriseProjectFundQuotaFinance:view",  //View fund quota adjustment records of enterprise projects.
                        "bss:renewal:view",                            //View renewals of enterprise projects.
                        "bss:renewal:update",                          //Enable or disable auto-renewal and manual renewal, change billing mode from pay-per-use to yearly/monthly, and release resources.
                        "bss:order:view",                              //View yearly/monthly orders.
                        "bss:order:update",                            //Place yearly/monthly orders.
                        "bss:unsubscribe:update",                      //Unsubscribe from resources and view unsubscription records.
                        "bss:bill:view",                               //View expenditure summary of enterprise projects.
                        "bss:bill:update",                             //Export expenditure summary of enterprise projects.
                        "bss:billDetail:view",                         //View expenditure details of enterprise projects.
                        "bss:billDetail:update"                        //Export expenditure details of enterprise projects.
                  ]
      }   
   ]
      }

For an IAM user that has used an enterprise project, the permissions may change (the default enterprise project cannot be viewed, resources cannot be viewed, or resources cannot be added to or removed from an enterprise project). Configure policies based on the required permissions. For details, see Other Operations.

Parent topic: Permissions

Last Article: Permissions

Next Article: Cloud Service Permissions

Did this article solve your problem?

Thank you for your score！Your feedback would help us improve the website.

Products

Compute

Application

Dedicated Cloud

Storage

Management & Deployment

Migration

Network

Enterprise Intelligence

Video

Database

Edge Cloud Services

DevCloud

Security

Cloud Communications

Internet of Things

Solutions

Industry-Specific Solutions

General-Purpose Solutions

Security

DevOps

Enterprise Intelligence

Essential Platform

Big Data

Visual Cognition

Speech and Semantics

Support

Help Center

Customer Services

Developers

Console

语言 - Language

中国站 - 简体中文

中国站 - English

International - 简体中文

International - English

Help Center

Enterprise Project Permissions