Creating a User Group and Granting Permissions
This section describes how to use Identity and Access Management (IAM) to implement fine-grained permissions control for your CFW resources. With IAM, you can:
- Create IAM users for employees in different departments based on your organizational structure. Each IAM user has their own security credentials used to access CFW resources.
- Grant only the permissions required for users to perform a task.
- Entrust an account or cloud service to perform professional and efficient O&M on your CFW resources.
If your Huawei account does not require individual IAM users, skip this chapter.
This topic describes the procedure for granting permissions (see Figure 1).
Prerequisites
Learn about the permissions supported by CFW in Table 1 and choose policies or roles based on your requirements.
Process Flow
- Create a user group and assign permissions.
Create a user group on the IAM console, and attach the CFW ReadOnlyAccess policy to the group.
- Creating an IAM User.
Create a user on the IAM console and add the user to the group created in 1.
- Log in and verify permissions.
Log in to the CFW console by using the newly created user, and verify that the user only has CFW Administrator permissions for CFW.
- Choose Cloud Firewall in the service list. Click Buy CFW on the CFW console. If you cannot buy CFW (assuming that only the CFW FullAccess permission is granted), the CFW FullAccess policy has already taken effect.
- Choose any other service in Service List. Assume that the current policy contains only the CFW FullAccess permission. If a message appears indicating that you have insufficient permissions to access the service, the CFW FullAccess policy has already taken effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.