Updated on 2024-11-13 GMT+08:00

Permissions and Policies

To assign different access permissions to your employees for KooMessage, Identity and Access Management (IAM) is your solution. IAM provides identity authentication, permissions management, and access control, helping you efficiently manage access to your cloud resources.

With IAM, you can create IAM users and grant them permission to access only specific resources. For example, some software developers in your enterprise need to use KooMessage resources but must not delete them or perform risky operations. Simply create IAM users for these developers and grant them only usage permissions.

If your Huawei Cloud account does not require individual IAM users for permissions management, you can skip this section.

IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.

KooMessage Permissions

New IAM users do not come with default permissions, so first add them to one or more groups, then attach policies or roles to these groups. Users can operate cloud services as allowed by their assigned permissions.

KooMessage is a project-level service deployed for specific regions. To assign KooMessage permissions to a user group, specify the scope as region-specific projects and select the projects in which the permissions take effect. If you select All projects, the permissions take effect for the user group in all region-specific projects. When accessing KooMessage resources, the users need to switch to their authorized region.

Grant permissions by using roles and policies.

  • Roles: A coarse-grained IAM authorization strategy to assign permissions based on user responsibilities. Available service-level roles are limited. Cloud services depend on each other. When you grant permissions using roles, you also need to attach dependent roles. Roles are not ideal for finer authorization and access control.
  • Policies: A fine-grained authorization tool that defines permissions for operations on specific cloud resources under certain conditions. This type of authorization is more flexible and is ideal for least privilege access. For example, you can limit ECS users to permissions for managing a certain type of server.

Table 1 lists all system-defined policies supported by KooMessage.

Table 1 System-defined permissions

| Policy Name | Description | Policy Role | Policy Content |
|---|---|---|---|
| KooMessage FullAccess | Full permissions for KooMessage. | System-defined policies | KooMessage FullAccess Policy |

Currently, Email messages support only the KooMessage FullAccess policy. Users with this policy have all permissions for Email messages.

KooMessage FullAccess Policy

{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "KooMessage:*:*"
            ],
            "Effect": "Allow"
        }
    ]
}
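
The following added example (not Huawei Cloud code) evaluates the FullAccess policy above and a constructed usage-only policy against sample actions, showing why FullAccess does not fit the developer scenario described earlier on this page. The operation names, the segment-by-segment wildcard matching and the case-insensitive comparison are assumptions for illustration; an explicit Deny is treated as overriding any Allow.

```python
import json
from fnmatch import fnmatchcase

# The KooMessage FullAccess policy document shown on this page.
FULL_ACCESS = json.loads("""
{"Version": "1.1",
 "Statement": [{"Action": ["KooMessage:*:*"], "Effect": "Allow"}]}
""")

# Constructed usage-only policy. Operation names are hypothetical
# placeholders, not taken from the KooMessage action list.
USAGE_ONLY = {
    "Version": "1.1",
    "Statement": [
        {"Action": ["KooMessage:*:get*", "KooMessage:*:list*",
                    "KooMessage:*:send*"], "Effect": "Allow"},
        {"Action": ["KooMessage:*:delete*"], "Effect": "Deny"},
    ],
}

def action_matches(pattern, action):
    """Match service:resourceType:operation segment by segment ('*' wildcard).
    Case-insensitive comparison is an assumption of this example."""
    p, a = pattern.lower().split(":"), action.lower().split(":")
    return len(p) == len(a) and all(fnmatchcase(x, y) for x, y in zip(a, p))

def is_allowed(policy, action):
    """Explicit Deny wins; no matching Allow means implicit deny."""
    effects = {s["Effect"] for s in policy["Statement"]
               if any(action_matches(p, action) for p in s["Action"])}
    return "Allow" in effects and "Deny" not in effects

def unrestricted_grants(policy):
    """Allow patterns whose operation segment is a bare '*' (every operation)."""
    return [p for s in policy["Statement"] if s["Effect"] == "Allow"
            for p in s["Action"] if p.split(":")[-1] == "*"]

if __name__ == "__main__":
    # Constructed sample requests (hypothetical action names).
    requests = ["KooMessage:template:list", "KooMessage:message:send",
                "KooMessage:template:update", "KooMessage:template:delete"]
    for name, policy in (("FullAccess", FULL_ACCESS), ("UsageOnly", USAGE_ONLY)):
        print(name, "unrestricted grants:", unrestricted_grants(policy))
        for req in requests:
            print(f"  {req:30} {'ALLOW' if is_allowed(policy, req) else 'DENY'}")
```

Running `unrestricted_grants` over custom policies before attaching them to a group is a quick review check for grants that are as broad as FullAccess.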