IAM User Permissions
With IAM, you can grant fine-grained permissions to IAM users under your account by configuring permission policies.
The following table lists the permissions that are required for IAM users to use different MgC functions. For details about how to configure permission policies, see Creating a Custom Policy.
Function |
Permission |
---|---|
Configuring a server purchase template |
vpc:vpcs:list (Listing VPCs) vpc:subnets:get (Querying subnets or querying details about a subnet) vpc:publicips:list (Listing EIPs) vpc:securityGroups:get (Querying security groups or querying details about a security group) eps:enterpriseProjects:list (Listing enterprise projects) ecs:availabilityZones:list (Listing AZs) |
Creating a server migration workflow |
vpc:vpcs:list (Listing VPCs) vpc:vpcs:get (Querying VPC details) vpc:subnets:get (Querying subnets or querying details about a subnet) vpc:publicips:list (Listing EIPs) vpc:publicips:get (Querying details about an EIP) vpc:securityGroups:get (Querying security groups or querying details about a security group) eps:enterpriseProjects:list (Listing enterprise projects) eps:enterpriseProjects:get (Querying details about an enterprise project) |
Getting server recommendations |
ecs:cloudServerFlavors:get (Querying details about flavors and extended flavor information) ecs:cloudServers:list (Querying details about ECSs) ecs:cloudServers:showServer (Querying details about an ECS) ecs:flavors:get (Querying ECS flavors) ims:images:list (Listing images) ims:images:get (Querying details about an image) evs:volumes:list (Querying EVS disks) evs:types:get (Querying EVS disk types) |
Creating a Cross-AZ migration workflow |
ecs:availabilityZones:list (Listing AZs) |
Configuring Product Mappings for TCO Analysis |
ecs:cloudServerFlavors:get (Querying details about flavors and extended flavor information) ims:images:list (Listing images) evs:types:get (Querying EVS disk types) |
Creating a migration cluster |
Tenant Guest (read-only permissions for all cloud services except IAM) nat:natGateways:list (Querying NAT gateways) smn:topic:list (Querying a topic) |
Creating an Agency |
iam:agencies:listAgencies (Querying agencies based on specified conditions) iam:roles:listRoles (Listing permissions) iam:quotas:listQuotas (Listing quotas) iam:permissions:listRolesForAgency (Listing permissions of an agency) iam:agencies:createAgency (Creating an agency) iam:permissions:grantRoleToAgency (Granting specified permissions to an agency) iam:roles:createRole (Creating a custom policy) iam:roles:updateRole (Modifying a custom policy) |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.