Updated on 2024-11-15 GMT+08:00

Creating a User and Granting SFS Permissions

This section describes how to use IAM to implement fine-grained permission control for your SFS resources. With IAM, you can:

  • Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing SFS resources.
  • Grant only the permissions required for users to perform a specific task.

If your Huawei Cloud account does not require individual IAM users, skip this section.

This section describes the procedure for granting permissions (see Figure 1).

Prerequisites

Learn about the permissions (see System-defined roles and policies) supported by SFS and choose policies or roles according to your requirements. For the permissions of other services, see System Permissions.

Use Restrictions

  • All system-defined policies and custom policies are supported in SFS Capacity-Oriented file systems.
  • Both system-defined policies and custom policies are supported for SFS Turbo and general purpose file systems.

Process Flow

Figure 1 Process for granting SFS permissions
  1. Create a user group and assign permissions to it.

    On the IAM console, create a user group and grant it read-only permissions:

    For SFS Capacity-Oriented, grant the SFS ReadOnlyAccess policy.

    For SFS Turbo, grant the SFS Turbo ReadOnlyAccess policy.

    For General Purpose File System, grant the SFS3 ReadOnlyAccess policy.

  2. Create a user and add it to a user group.

    Create a user on the IAM console and add the user to the group created in step 1.

  3. Log in and verify permissions.

    Log in to the SFS console as the created user, and verify that the user has only read permissions for SFS.

    • Choose Service List > Scalable File Service. On the SFS console, click Create File System in the upper right corner. If a message appears indicating that you have insufficient permissions to perform the operation, the corresponding policy is in effect.

      For SFS Capacity-Oriented, the SFS ReadOnlyAccess policy is in effect.

      For SFS Turbo, the SFS Turbo ReadOnlyAccess policy is in effect.

      For General Purpose File System, the SFS3 ReadOnlyAccess policy is in effect.

    • Choose another service from Service List. If a message appears indicating that you have insufficient permissions to access the service, the corresponding policy is in effect.

      For SFS Capacity-Oriented, the SFS ReadOnlyAccess policy is in effect.

      For SFS Turbo, the SFS Turbo ReadOnlyAccess policy is in effect.

      For General Purpose File System, the SFS3 ReadOnlyAccess policy is in effect.