Creating a User and Assigning Permissions
This section describes how to use IAM for fine-grained permissions control on your SMS resources. With IAM, you can:
- Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user is assigned their own distinct security credentials for SMS.
- Assign only the minimum permissions required for users to perform a given task.
- Entrust a Huawei Cloud account or cloud service to perform professional and efficient O&M on your SMS resources.
A Huawei Cloud account has all the permissions required for using SMS by default. If you use your Huawei Cloud account to perform migration, skip this chapter.
Figure 1 shows the process for assigning permissions.
Prerequisites
Before assigning permissions to user groups, you should learn about system policies supported by SMS and choose policies or roles based on service requirements. For more information about system policies supported by SMS, see SMS Permissions. For the permissions supported by other services, see System-defined Permissions.
Procedure
- Create a user group and assign permissions to it.
- If the IAM users who will be added to this group need all SMS permissions, attach system-defined policies SMS FullAccess, OBS OperateAccess, ECS FullAccess, VPC FullAccess, and EVS FullAccess to the group.
- If the IAM users only need specific SMS permissions, create custom policies and attach these policies to the user group. For details, see SMS Custom Policies.
Compared with system-defined policies, custom policies provide more fine-grained and secure permissions control.
- Create a user and add it to a user group.
Create a user on the IAM console and add the user to the group created in 1.
- Log in to the management console as the created user.
In the authorized region, perform the following operations:
- Choose Service List > Server Migration Service. In the navigation pane on the left, choose Servers. In the server list, locate the server to be migrated, and click Configure in the Target column to configure the target server. If the target server can be configured, the permissions have taken effect.
- Choose a service other than SMS and its dependents services in the Service List. If a message appears indicating that you have insufficient permissions to access the service, the permissions have taken effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.