Help Center> Image Management Service> User Guide> Permissions Management> Creating a User and Granting Permissions
View PDF

Creating a User and Granting Permissions

Scenarios

This section describes how to use IAM to implement fine-grained permissions control for your IMS resources. With IAM, you can:

  • Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to IMS resources.
  • Grant only the permissions required for users to perform a task.
  • Entrust a HUAWEI CLOUD account or cloud service to perform professional and efficient O&M on your IMS resources.

If your HUAWEI CLOUD account does not need individual IAM users for permissions management, you can skip over this section.

This section uses the IMS ReadOnlyAccess policy as an example to describe how to grant permissions to a user. Figure 1 shows the process.

Prerequisites

Learn about the permissions (see Permissions Management) supported by IMS and choose policies as needed. For the system policies of other services, see Permissions Policies.

Process Flow

Figure 1 Process for granting IMS permissions
  1. Create a user group and grant permissions to it.

    Create a user group on the IAM console, and grant the read-only permission to the group by assigning the IMS ReadOnlyAccess policy.

  2. Create an IAM user and add the user to the group.

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in using the IAM user and verify the user permissions.

    Log in to the management console using the IAM user, switch to a region where the permissions take effect, and verify the permissions (assume that the user has only the IMS ReadOnlyAccess permission).

    • In the Service List, choose Image Management Service. On the IMS console, perform operations except querying images, such as creating, modifying, and deleting an image.

      For example, click Create Private Image in the upper right corner. If you are prompted insufficient permissions, the IMS ReadOnlyAccess policy has taken effect.

    • Choose any other service in the Service List, such as Virtual Private Cloud. If a message appears indicating insufficient permissions to access the service, the IMS ReadOnlyAccess policy has taken effect.
Parent topic: Permissions Management