Help Center/ Enterprise Management/ User Guide/ Project Management/ FAQs/ How Do I Limit Specific Enterprise Projects to Different IAM Users?
Updated on 2024-08-15 GMT+08:00

How Do I Limit Specific Enterprise Projects to Different IAM Users?

Background

Your account A has two IAM users (User B and User C) and two enterprise projects (B and C).

You want to:

  • Allow user B to view and manage resources only in enterprise project B.
  • Allow user C to view and manage resources only in enterprise project C.

Procedure

  1. Create user groups.

    In the IAM console, create user groups B and C.

    For details how to create a user group and assign permissions, see Creating a User Group and Assigning Permissions.
    Figure 1 Created user groups

  1. Add users to user groups.

    Add user B and user C to groups B and C, respectively.

    For details about how to create a user and add it to the user group, see Creating an IAM User.

    Figure 2 Adding a user to a user group

  1. Assign permissions to user groups.

    Assign policies, for example, ELB FullAccess, to groups B and C.

    1. In the Operation column of the row containing user group B, click Authorize.
    2. Select the ELB FullAccess policy and click Next.
    3. Select a scope and click OK.
      Select Enterprise projects for Scope, and select enterprise project B in the displayed enterprise project list.
      Figure 3 Selecting a scope
    4. Click Finish.
    5. Repeat steps 3.a to 3.d to assign the ELB FullAccess policy to user group C.

Verification

Log in to the management console as user B and create a load balancer. If only enterprise project B can be selected, the permissions have taken effect.