Creating a User and Granting Permissions

If your account does not need individual IAM users, then you may skip over this section.

This chapter describes fine-grained permissions management on DDM. For details, see Service Overview > What Is IAM in the Identity and Access Management User Guide.

Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to DDM resources.
Grant only the permissions required for users to perform a specific task.
Entrust an account or cloud service to perform professional and efficient O&M on your DDM resources.

This section describes the procedure for granting permissions.

Prerequisites

Before assigning permissions to user groups, you should learn about DDM system policies and select the policies based on service requirements. For details about the system permissions supported by DDM, see Service Overview > Permissions Management in the Distributed Database Middleware User Guide. For the system policies of other services, see System Permissions > System Permissions.

Process Flow

Figure 1 Flowchart for granting DDM permissions

Create a user group and assign permissions to it.
Create a user group on the IAM console, and assign the DDM ReadOnlyAccess policy to the group.
Create an IAM user and add it to a user group.
Create a user on the IAM console and add the user to the group created in step 1.
Log in and verify permissions.
Log in to the DDM console using the created user, and verify that the user only has read permissions for DDM.
- Choose Service List > Distributed Database Middleware and click Buy DDM Instance to buy a DDM instance. If you cannot buy a DDM instance, the DDM ReadOnlyAccess permission has taken effect.
- Choose any other service in the Service List (assuming that there is only the DDM ReadOnlyAccess policy). If a message appears indicating insufficient permissions to access the service, the DDM ReadOnlyAccess policy has already taken effect.