Diese Seite ist in Ihrer lokalen Sprache noch nicht verfügbar. Wir arbeiten daran, weitere Sprachversionen hinzuzufügen. Vielen Dank für Ihre Unterstützung.
- Service Overview
- Getting Started
-
User Guide
- Permissions Management
- Enterprise Routers
- Attachments
- Route Tables
- Associations
- Propagations
- Routes
-
Routing Control
-
Route Policies
- Route Policy Overview
- Creating a Route Policy
- Associating a Route Policy with an Enterprise Router
- Changing the Route Policy Associated with an Enterprise Router
- Disassociating a Route Policy from an Enterprise Router
- Modifying a Route Policy
- Viewing a Route Policy
- Deleting a Route Policy
- Adding a Policy Node to a Route Policy
- Modifying a Policy Node in a Route Policy
- Exporting Policy Nodes in a Route Policy
- Viewing a Policy Node in a Route Policy
- Deleting a Policy Node from a Route Policy
-
IP Prefix Lists
- IP Prefix List Overview
- Creating an IP Prefix List
- Modifying the Name of an IP Prefix List
- Viewing an IP Prefix List
- Deleting an IP Prefix List
- Adding a Prefix Rule to an IP Address Prefix List
- Modifying an IP Prefix Rule in an IP Prefix List
- Exporting Prefix Rules in an IP Prefix List
- Viewing a Prefix Rule in an IP Prefix List
- Deleting a Prefix Rule from an IP Prefix List
-
AS_Path Lists
- AS_Path List Overview
- Creating an AS_Path List
- Modifying the Name of an AS_Path List
- Viewing an AS_Path List
- Deleting an AS_Path List
- Adding an AS_Path Filter to an AS_Path List
- Exporting AS_Path Filters in an AS_Path List
- Viewing an AS_Path Filter in an AS_Path List
- Deleting an AS_Path Filter from an AS_Path List
-
Route Policies
- Sharing
- Flow Logs
- Monitoring and Audit
- Tags
- Quotas
-
Best Practices
- Summary on Enterprise Router Best Practices
- Using Enterprise Router to Isolate VPCs in the Same Region
- Using a Third-Party Firewall to Protect VPCs Connected by Enterprise Routers
- Enabling an On-Premises Data Center to Access Service VPCs Using an Enterprise Router and Transit VPC
- Setting Up a Hybrid Cloud Network Using Enterprise Router and Direct Connect Global DC Gateway
-
Setting Up a Hybrid Cloud Network Using Enterprise Router and a Pair of Direct Connect Connections (Global DC Gateway)
- Overview
- Network and Resource Planning
- Process of Setting Up a Hybrid Cloud Network Using Enterprise Router and a Pair of Direct Connect Connections (Global DC Gateway)
- Procedure for Setting Up a Hybrid Cloud Network Using Enterprise Router and a Pair of Direct Connect Connections (Global DC Gateway)
-
Setting Up a Hybrid Cloud Network Using Enterprise Router and a Pair of Active/Standby Direct Connect Connections (Global DC Gateway)
- Overview
- Network and Resource Planning
- Process of Setting Up a Hybrid Cloud Network Using Enterprise Router and a Pair of Active/Standby Direct Connect Connections (Global DC Gateway)
- Procedure for Setting Up a Hybrid Cloud Network Using Enterprise Router and a Pair of Active/Standby Direct Connect Connections (Global DC Gateway)
- Setting Up a Hybrid Cloud Network Using Enterprise Router, VPN, and Direct Connect (Global DC Gateway)
- Setting Up a Hybrid Cloud Network Using Enterprise Router and Direct Connect (Virtual Gateway)
- Setting Up a Hybrid Cloud Network Using Enterprise Router, VPN, and Direct Connect (Virtual Gateway)
- Allowing VPCs to Share an EIP to Access the Internet Using Enterprise Router and NAT Gateway
- Using Enterprise Router to Migrate the Network Set Up Through VPC Peering
- Using Enterprise Router to Migrate the Network Set Up Through Direct Connect (Global DC Gateway)
- API Reference
- FAQs
Show all
Introduction
This topic describes fine-grained permissions management for your Enterprise Router resources. If your account does not need individual IAM users, you may skip this topic.
By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign policies or roles to these groups. The user then inherits permissions from the groups. After authorization, the user can perform specified operations on cloud services based on the permissions.
An account has all of the permissions required to call all APIs, but IAM users must be assigned the required permissions. The permissions required for calling an API are determined by the actions supported by the API. Only users who have been granted permissions can call the API successfully. For example, if an IAM user wants to query the enterprise router list using an API, the user must have been granted permissions that allow the er:instances:list action.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.