Creating a User and Granting Permissions
This section describes how to use Identity and Access Management (IAM) to implement fine-grained permissions control for your FunctionGraph resources. With IAM, you can:
- Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials for accessing FunctionGraph resources.
- Grant only the permissions required for users to perform a task.
- Entrust other accounts or cloud services to perform professional and efficient O&M on your FunctionGraph resources.
If your account does not need individual IAM users, then you may skip over this chapter.
This section describes the procedure for granting permissions. For details, see Figure 1.
Prerequisites
Before assigning permissions to user groups, you should learn about the system permissions listed in Permissions Management. For the system policies of other services, see System Permissions.
Process
- Create a user group and assign permissions.
Create a user group on the IAM console, and assign the FunctionGraph Invoker role to the group.
- Create an IAM user and add it to the user group.
Create a user on the IAM console and add the user to the group created in 1.
- Logging In as an IAM User and Verifying Permissions
Log in to the management console as the created user and check whether this user only has read permissions for FunctionGraph:
- Choose Service List > FunctionGraph to access the FunctionGraph console. In the navigation pane, choose Functions > Function List. Then click Create Function. If a message appears indicating insufficient permissions to perform the operation, the FunctionGraph Invoker role has already taken effect.
- Choose any other service in the Service List. If a message appears indicating insufficient permissions to access the service, the FunctionGraph Invoker role has already taken effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
