Help Center> Server Migration Service> User Guide> Permissions Management> Creating a User and Assigning Permissions
View PDF

Creating a User and Assigning Permissions

This section describes how to use IAM to implement fine-grained permissions control on your SMS resources. With IAM, you can:

  • Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user is assigned their own distinct security credentials for SMS.
  • Assign only the minimum permissions required for users to perform a given task.
  • Entrust a HUAWEI CLOUD account or cloud service to perform professional and efficient O&M on your SMS resources.

A HUAWEI CLOUD account has all permissions required for using SMS by default. If you use your HUAWEI CLOUD account to perform migration, skip this chapter.

Figure 1 shows the process for assigning permissions.

Prerequisites

You must learn about the permissions (see Permissions Management) supported by SMS and choose policies or roles based on your service requirements. For the system permissions of other services, see System Permissions.

Process Flow

Figure 1 Process for assigning SMS permissions

Procedure

  1. Create a user group and assign permissions to it.

    • If the IAM users who will be added to this group need all SMS permissions, attach the system-defined policies supported by SMS, including SMS FullAccess, OBS OperateAccess, ECS FullAccess, and VPC FullAccess, to the group.
    • If the IAM users only need specific SMS permissions, create custom policies and attach these policies to the user group. For details, see SMS Custom Policies.

      Compared with system-defined policies, custom policies provide more fine-grained and secure permissions control.

  2. Create an IAM user and add it to the user group.

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in and verify permissions.

    Log in to the management console as the created user, and verify the user's permissions for SMS.

    • Choose Service List > Server Migration Service. In the navigation pane on the left, click Servers. In the server list, locate the server to be migrated, and click Configure in the Target column to configure the target server. If the target server can be configured, the permissions have taken effect.
    • Choose any other service in the Service List. If a message appears indicating insufficient permissions to access the service, the permissions have taken effect.

Parent topic: Permissions Management