Help Center/ Migration Center/ User Guide/ Permissions Management/ IAM User Permissions
Updated on 2025-07-10 GMT+08:00

IAM User Permissions

With IAM, you can grant fine-grained permissions to IAM users under your account by configuring permission policies.

The following table lists the permissions that are required for IAM users to use different MgC functions. For details about how to configure permission policies, see Creating a Custom Policy.

Function

Permission

Configuring a server purchase template

vpc:vpcs:list (Listing VPCs)

vpc:subnets:get (Querying subnets or querying details about a subnet)

vpc:publicips:list (Listing EIPs)

vpc:securityGroups:get (Querying security groups or querying details about a security group)

eps:enterpriseProjects:list (Listing enterprise projects)

ecs:availabilityZones:list (Listing AZs)

Creating a server migration workflow

vpc:vpcs:list (Listing VPCs)

vpc:vpcs:get (Querying VPC details)

vpc:subnets:get (Querying subnets or querying details about a subnet)

vpc:publicips:list (Listing EIPs)

vpc:publicips:get (Querying details about an EIP)

vpc:securityGroups:get (Querying security groups or querying details about a security group)

eps:enterpriseProjects:list (Listing enterprise projects)

eps:enterpriseProjects:get (Querying details about an enterprise project)

Getting server recommendations

ecs:cloudServerFlavors:get (Querying details about flavors and extended flavor information)

ecs:cloudServers:list (Querying details about ECSs)

ecs:cloudServers:showServer (Querying details about an ECS)

ecs:flavors:get (Querying ECS flavors)

ims:images:list (Listing images)

ims:images:get (Querying details about an image)

evs:volumes:list (Querying EVS disks)

evs:types:get (Querying EVS disk types)

Creating a Cross-AZ migration workflow

ecs:availabilityZones:list (Listing AZs)

Configuring Product Mappings for TCO Analysis

ecs:cloudServerFlavors:get (Querying details about flavors and extended flavor information)

ims:images:list (Listing images)

evs:types:get (Querying EVS disk types)

Creating a migration cluster

Tenant Guest (read-only permissions for all cloud services except IAM)

nat:natGateways:list (Querying NAT gateways)

smn:topic:list (Querying a topic)

Creating an Agency

iam:agencies:listAgencies (Querying agencies based on specified conditions)

iam:roles:listRoles (Listing permissions)

iam:quotas:listQuotas (Listing quotas)

iam:permissions:listRolesForAgency (Listing permissions of an agency)

iam:agencies:createAgency (Creating an agency)

iam:permissions:grantRoleToAgency (Granting specified permissions to an agency)

iam:roles:createRole (Creating a custom policy)

iam:roles:updateRole (Modifying a custom policy)
Parent Topic: Permissions Management