Creating a User and Granting DNS Permissions
You can use IAM for fine-grained permissions control for your DNS. With IAM, you can:
- Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing DNS resources.
- Grant users only the permissions required to perform a given task based on their job responsibilities.
- Entrust a Huawei Cloud account or a cloud service to perform efficient O&M on your DNS resources.
If your Huawei Cloud account does not require individual IAM users, you can skip this section.
Figure 1 shows the process of granting permissions.
Prerequisites
Before granting permissions to user groups, learn about system-defined permissions in Permissions for DNS. To grant permissions for other services, learn about all system-defined permissions supported by IAM.
Process Flow
- Create a user group and assign it permissions (DNS ReadOnlyAccess as an example).
Create a user group on the IAM console and assign the DNS ReadOnlyAccess permissions to the group.
- Create an IAM user and add it to the created user group.
The user group is the one you have created in step 1.
- Log in as the IAM user and verify permissions.
In the authorized region, perform the following operations:
- Choose Service List > Domain Name Service. On the DNS console, choose Overview > Public Zones. On the displayed page, click Create Public Zone. If the public zone cannot be created, the DNS ReadOnlyAccess policy has already taken effect.
- Choose any other service from Service List. If a message appears, indicating that you have insufficient permissions to access the service, the DNS ReadOnlyAccess policy has already taken effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
