Updated on 2024-01-03 GMT+08:00

Creating a User

If you need to assign different permissions to employees in your enterprise to access GES resources, Identity and Access Management (IAM) is a good choice for fine-grained permissions management.

With IAM, you can:

  • Create IAM users for different employees based on the organizational structure of your enterprise. Each IAM user will have their own login credentials for access to GES resources.
  • Grant users only the permissions required to perform a given task.
  • Entrust a cloud account or cloud service to perform professional and efficient O&M on your GES resources.

If your account does not need individual IAM users, then you may skip over this chapter.

Permission Type

  • Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. There are only a limited number of roles. When using roles to grant permissions, you need to also assign dependency roles. However, roles are not an ideal choice for fine-grained authorization and secure access control.
  • Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. Policies allow for more flexible permissions control than roles. They allow you to meet requirements for more secure access control. For example, you can grant GES users only the permissions for managing a certain type of cloud servers.

    GES ReadOnlyAccess is a policy.

Procedure

This section describes how to use a group to grant permissions to a user. Figure 1 shows the process.

Figure 1 Granting GES permissions
  1. Create a user group and assign permissions.

    Create a user group on the IAM console, and assign the GES ReadOnlyAccess policy to the group.

  2. Create a user and add it to a user group.

    Create a user on the IAM console and add the user to the group created in step 1.

  3. Log in as the user you created and verify permissions.

    Log in to the management console using the user you created and verify the user permissions.

    • Choose Service List > Graph Engine Service to enter the GES management console, and click Create Graph in the upper right corner to create a graph. If you cannot create one, the GES ReadOnlyAccess policy has taken effect.
    • Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the GES ReadOnlyAccess policy has taken effect.