How Do I Limit Specific Enterprise Projects to Different IAM Users?
Background
Your account A has two IAM users (User B and User C) and two enterprise projects (B and C).
You want to:
- Allow user B to view and manage resources only in enterprise project B.
- Allow user C to view and manage resources only in enterprise project C.
Procedure
- Create user groups.
In the IAM console, create user groups B and C.
For details how to create a user group and assign permissions, see Creating a User Group and Assigning Permissions.Figure 1 Created user groups
- Add users to user groups.
Add user B and user C to groups B and C, respectively.
For details about how to create a user and add it to the user group, see Creating an IAM User.
Figure 2 Adding a user to a user group
- Assign permissions to user groups.
Assign policies, for example, ELB FullAccess, to groups B and C.
- In the Operation column of the row containing user group B, click Authorize.
- Select the ELB FullAccess policy and click Next.
- Select a scope and click OK.
Select Enterprise projects for Scope, and select enterprise project B in the displayed enterprise project list.Figure 3 Selecting a scope
- Click Finish.
- Repeat steps 3.a to 3.d to assign the ELB FullAccess policy to user group C.
Verification
![Click to enlarge](https://support.huaweicloud.com/eu/usermanual-em/en-us_image_0000001254065775.png)
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.