Creating a User and Granting Permissions

This section describes how to use IAM to implement fine-grained permissions control for your CCI resources. With IAM, you can:

Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing CCI resources.
Grant users only the permissions required to perform a given task based on their job responsibilities.
Entrust an account or cloud service to perform efficient O&M on your CCI resources.

If your account does not require individual IAM users, skip this section.

The following is the procedure for granting permissions (see Figure 1).

You have learned about the permissions supported by CCI.

Figure 1 Process of granting CCI permissions

Create a user group and assign permission.
Create a user group (for example, Developers) on the IAM console and assign the CCI CommonOperations policy to the group. CCI is a project-level service. When assigning system-defined policies to users, you also need to assign the IAM ReadOnlyAccess policy to the users.
Create a user and add it to a user group.
Create a user (for example, James) on the IAM console and add the user to the group created in 1.
Log in as the user you created and verify permissions.
Log in to the management console as the user you created and verify that the user has the assigned permissions.
- Choose Service List > Cloud Container Instance. In the navigation pane, choose Workloads. On the Deployments tab, click Create Deployment. If the Deployment is created successfully, the CCI CommonOperations policy has taken effect.
- Choose Service List > Cloud Container Instance. In the navigation pane, choose Namespaces. On the page displayed, click Create Namespace. If the namespace cannot be created, the CCI CommonOperations policy has taken effect.