Updated on 2022-02-22 GMT+08:00

Permission Management

If you need to assign different permissions to employees in your enterprise to access your Anti-DDoS resources, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure the access to your cloud resources.

With IAM, you can use your account to create IAM users, and assign permissions to the users to control their access to specific resources. For example, some software developers in your enterprise need to use Anti-DDoS resources but must not delete them or perform any high-risk operations. To achieve this purpose, you can create IAM users for the software developers and grant them only the permissions required for using Anti-DDoS resources.

Anti-DDoS Permissions

By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups they belong to. After authorization, the user can perform specified operations on Anti-DDoS based on the permissions.

Anti-DDoS is a project-level service deployed in specific physical regions. Therefore, Anti-DDoS permissions are assigned to users in specific regions and only take effect for these regions. If you want the permissions to take effect for all regions, you need to assign the permissions to users in each region. When accessing Anti-DDoS, the users need to switch to a region where they have been authorized.

Table 1 lists all the system policies supported by Anti-DDoS. For example, some Anti-DDoS policies are dependent on the policies of other services. When assigning Anti-DDoS permissions to users, you need to also assign depending policies for the Anti-DDoS permissions to take effect.

Table 1 Anti-DDoS system policies

Policy Name

Description

Dependencies

Anti-DDoS Administrator

Administrator permissions for Anti-DDoS.

This role depends on the Tenant Guest role.

Tenant Guest: a global role, which must be assigned in the Global project