Creating a User and Assigning Permissions

Scenarios

This section describes how to use IAM to implement fine-grained permissions control for your Workspace resources. With IAM, you can:

• Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to Workspace.
• Assign only the permissions required for users to perform a specific task.

If your Huawei account does not need individual IAM users, you may skip this section.

This section takes the Workspace ReadOnlyAccess permission as an example to describe how to assign permissions to an IAM user.

Prerequisites

Learn about the permissions supported by Workspace and choose policies or roles as required. For the system permissions of other services, see System Permissions.

Example Process

1. Create a user group and assign permissions.

   Create a user group on the IAM console, and assign the Workspace ReadOnlyAccess permission to the group.

2. Create an IAM user and add it to the user group.

   Create a user on the IAM console and add the user to the group created in .

3. Log in and verify permissions.

   Log in to the management console as the IAM user, switch to a region where the permissions take effect, and verify the permissions (assume that the user has only the Workspace ReadOnlyAccess permission).

   • Choose Service List > Workspace. On the Desktops page, perform operations other than query, such as starting, stopping, restarting, creating, modifying, and deleting a desktop.

     Take starting or stopping a desktop as an example. If a message indicating insufficient permissions is displayed, the Workspace ReadOnlyAccess permission has taken effect.

   • Choose any other service in the Service List, such as Virtual Private Cloud. If a message indicating insufficient permissions to access the service is displayed, the Workspace ReadOnlyAccess permission has taken effect.