Creating a User Group and Granting Permissions
This topic describes how to use IAM to implement fine-grained permissions control for your WAF resources. With IAM, you can:
- Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to WAF resources.
- Grant only the permissions required for users to perform a task.
- Entrust an account or cloud service to perform professional and efficient O&M on your WAF resources.
If your account does not require individual IAM users, skip this chapter.
This topic describes the procedure for granting permissions (see Figure 1).
Prerequisites
Learn about the permissions supported by WAF in Table 1 and choose policies or roles based on your requirements.
Role/Policy Name |
Description |
Category |
Dependencies |
---|---|---|---|
WAF Administrator |
Administrator permissions for WAF |
System-defined role |
Dependent on the Tenant Guest and Server Administrator roles.
|
WAF FullAccess |
All permissions for WAF |
System-defined policy |
None. |
WAF ReadOnlyAccess |
Read-only permissions for WAF. |
System-defined policy |
Process Flow
- Create a user group and assign permissions.
Create a user group on the IAM console, and attach the WAF Administrator permission to the group.
- Create a user and add the user to the user group.
Create a user on the IAM console and add the user to the group created in 1.
- Log in to the management console as the created user and verify the permissions.
Log in to the WAF console by using the newly created user, and verify that the user only has WAF Administrator permissions for WAF.
Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the WAF Administrator policy has already taken effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.