Help Center/ Media Processing Center/ User Guide/ Using IAM to Grant Access to MPC/ Using IAM Identity Policies to Grant Access to MPC
Updated on 2026-02-25 GMT+08:00

Using IAM Identity Policies to Grant Access to MPC

System-defined permissions in identity policy-based authorization provided by Identity and Access Management (IAM) let you control access to MPC. With IAM, you can:

  • Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing MPC resources.
  • Grant users only the permissions required to perform a given task based on their job responsibilities.
  • Entrust a Huawei Cloud account or a cloud service to perform efficient O&M on your MPC resources.

If your Huawei Cloud account meets your permissions requirements, you can skip this section.

Figure 1 shows the process of identity policy-based authorization.

Prerequisites

Before assigning permissions, learn about the system-defined permissions in Identity Policy-based Authorization for MPC. To grant permissions for other services, learn about all system-defined permissions supported by IAM.

Process Flow

Figure 1 Process of granting MPC permissions
  1. On the IAM console, create an IAM user or create a user group.

    Create a user or user group on the IAM console.

  2. Attach a system-defined identity policy to the user or user group.

    Attach the system-defined identity policy MPCReadOnlyPolicy to the user or user group.

  3. Log in as the IAM user and verify permissions.

    In the authorized region, perform the following operations:

    • Choose Media Processing Center in Service List. In the navigation pane on the left, choose Media Processing > Transcode. On the page that is displayed, create a transcoding task. If a message is displayed indicating insufficient permissions for performing the operation, the MPCReadOnlyPolicy policy is in effect.
    • Choose another service in Service List. If a message is displayed indicating insufficient permissions for performing the operation, the MPCReadOnlyPolicy policy is in effect.

Example Custom Identity Policies

You can create custom identity policies to supplement the system-defined identity policies of MPC. For details about actions supported by custom identity policies, see Actions Supported by Identity Policy-based Authorization.

To create a custom identity policy, choose either visual editor or JSON.

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy grammar.
  • JSON: Create a JSON policy or edit an existing one.

For details, see Creating a Custom Identity Policy and Attaching It to a Principal.

The following lists examples of common MPC custom identity policies.

  • Example 1: Assigning all permissions on MPC
    {
        "Version": "5.0",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "mpc:*:*"
                ]
            }
        ]
    }
  • Example 2: Assigning the read-only permission on MPC
    {
        "Version": "5.0",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "mpc:transcodeTask:view",
                    "mpc:ageniesTask:view"
                ]
            }
        ]
    }
  • Example 3: Creating a custom identity policy containing multiple actions
    A custom identity policy can contain the actions of one or more services. Example:
    {
        "Version": "5.0",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "mpc:transcodeTask:create"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "smn:topic:create"
                ]
            }
        ]
    }