Help Center> Server Migration Service> User Guide> Permissions Management> Creating a User and Assigning Permissions
Updated on 2024-03-29 GMT+08:00
View PDF

Creating a User and Assigning Permissions

This section describes how to use IAM for fine-grained permissions control on your SMS resources. With IAM, you can:

  • Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user is assigned their own distinct security credentials for SMS.
  • Assign only the minimum permissions required for users to perform a given task.
  • Entrust a Huawei Cloud account or cloud service to perform professional and efficient O&M on your SMS resources.

A Huawei Cloud account has all the permissions required for using SMS by default. If you use your Huawei Cloud account to perform migration, skip this chapter.

Figure 1 shows the process for assigning permissions.

Prerequisites

You must learn about the permissions (see Permissions Management) supported by SMS and choose policies or roles based on your service requirements. For the permissions supported by other services, see System Permissions.

Process Flow

Figure 1 Process for assigning SMS permissions

Procedure

  1. Create a user group and assign permissions to it.

    • If the IAM users who will be added to this group need all SMS permissions, attach system-defined policies, including SMS FullAccess, OBS OperateAccess, ECS FullAccess, and VPC FullAccess to the group.
    • If the IAM users only need specific SMS permissions, create custom policies and attach these policies to the user group. For details, see SMS Custom Policies.

      Compared with system-defined policies, custom policies provide more fine-grained and secure permissions control.

  2. Create a user and add it to a user group.

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in and verify permissions.

    Log in to the management console as the created user, and verify the user's permissions for SMS.

    • Choose Service List > Server Migration Service. In the navigation pane on the left, choose Servers. In the server list, locate the server to be migrated, and click Configure in the Target column to configure the target server. If the target server can be configured, the permissions have taken effect.
    • Choose a service other than SMS and its dependents services in the Service List. If a message appears indicating insufficient permissions to access the service, the permissions have taken effect.

Parent topic: Permissions Management