Help Center/ Huawei Cloud Flexus_Huawei Cloud Flexus L Instance/ User Guide/ Granting Permissions to Use FlexusL Instances Through IAM
Updated on 2025-01-08 GMT+08:00
View PDF
Share

Granting Permissions to Use FlexusL Instances Through IAM

FlexusL allows you to use IAM to implement fine-grained permissions control on your FlexusL resources. With IAM, you can:

  • Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing FlexusL resources.
  • Grant users only the permissions required to perform a given task based on their job responsibilities.
  • Entrust a Huawei Cloud account or a cloud service to perform efficient O&M on your FlexusL resources.

If your Huawei Cloud account meets your permissions requirements, you can skip this section.

This section describes how to grant permissions to a user. Figure 1 shows the process.

Prerequisites

Before assigning permissions to user groups, you should learn about system-defined policies supported by FlexusL and select the policies based on service requirements.

For details about the system-defined policies supported by FlexusL instances, see System-defined policies for FlexusL instances. For the permissions of other services, see System-defined Permissions.

Process Flow

Figure 1 Process for granting FlexusL instance permissions

  1. On the IAM console, create a user group and grant it permissions.

    Create a user group on the IAM console and assign the CORS ReadOnlyAccess permissions to the group.

  2. Create an IAM user and add it to the created user group.

    On the IAM console, create a user and add it to the user group created in 1.

  3. Log in as the IAM user and verify the user permissions.

    Log in to the FlexusL instance console as the created user, and verify the read-only permission for the FlexusL instance. (Assume that the user has only the CORS ReadOnlyAccess permission.)

    • On the FlexusL instance console, perform other operations except for query operations, for example, purchase a FlexusL instance. If you do not have the permission to purchase a instance, the CORS ReadOnlyAccess permission has taken effect.
    • Choose any other service except FlexusL in Service List, such as Virtual Private Cloud. If a message is displayed indicating insufficient permissions to access the service, the IMS ReadOnlyAccess permission has taken effect.