Updated on 2024-09-20 GMT+08:00

Scenario

A company needs to manage multiple project teams and assign resources and personnel to different projects. This section presents the best practice for multi-project management to address company A's requirements.

Requirements

  • Requirement 1: The company needs resources in CN-Hong Kong and AP-Singapore. The resources will be allocated to two project teams. Resources of the two project teams need to be isolated from each other. Resource access needs to be authorized, for example, only authorized IAM users can access a specific ECS.
  • Requirement 2: Members in a team cannot access resources of other teams and only have the least privilege required to complete related tasks.
  • Requirement 3: Costs can be managed independently for the tow project teams

Solution

  • Solution to requirement 1: Enterprise Project Management (EPS) and Identity and Access Management (IAM) can both help you isolate resources between projects. However, the implementation logic and functions of the two services are different.
    • EPS: An enterprise project can contain resources of different regions, and resources in different enterprise projects are logically isolated. You can add resources to and remove resources from an enterprise project.
    • IAM: An IAM project can contain resources of only one region, and resources in different IAM projects are physically isolated.
In conclusion, EPS is more flexible than IAM. It is recommended that the company use enterprise projects to manage resources. The solutions to the requirement 2 and 3 are based on EPS. For more information about the differences between IAM projects and enterprise projects, see What Are the Differences Between IAM Projects and Enterprise Projects?.
  • Solution to requirement 2: The company can use IAM to create users and user groups; add users to the user groups as needed; add add user groups to enterprise projects created based on requirement 1; and assign permissions to user groups based on table 10-1.
    Figure 1 Personnel management model
    Table 1 User group permissions

    User Group

    Responsibility

    Permissions

    Description

    Accounting team

    Project expenditure management

    Enterprise Project BSS FullAccess

    Permissions for accounting management of enterprise projects

    Development team

    Project development

    ECS FullAccess

    Full permissions for Elastic Cloud Server (ECS)

    OBS FullAccess

    Full permissions for Object Storage Service (OBS)

    ELB FullAccess

    Full permissions for Elastic Load Balance (ELB)

    Security maintenance team

    Security O&M of the project

    ECS CommonOperations

    Permissions for basic ECS operations

    CAD Administrator

    Full permissions for Advanced Anti-DDoS (AAD)

    Operations team

    Overall operations of the project

    EPS FullAccess

    Full permissions for EPS, including modifying, enabling, disabling, and viewing enterprise projects.

    For details about permissions of all Huawei Cloud services, see System-defined Permissions.

  • Solution to requirement 3: The company can use EPS to independently manage renewals, orders, accounting, unsubscriptions, changes, and quotas of each enterprise project. For details, see Enterprise Project Accounting Management.