Creating an IAM User and Granting Permissions to Use Workspace

Scenarios

This section describes how to use IAM to implement fine-grained permissions control for your Workspace resources. With IAM, you can:

• Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to Workspace cloud desktops.
• Grant only the permissions required for users to perform a specific task.

If your Huawei account does not need individual IAM users, you may skip this section.

This section takes the Workspace ReadOnlyAccess permission as an example to describe how to grant an IAM user permissions.

Prerequisites

Learn about the permissions supported by Workspace and choose permissions as required. For the system-defined permissions of other services, see System-defined Permissions.

Example Process

1. Create a user group and grant it permissions.

   Create a user group on the IAM console and grant it the Workspace ReadOnlyAccess permission.

2. Create an IAM user and add them to the user group.

   Create a user on the IAM console and add the user to the group created in 1.

3. Log in as the IAM user and verify the permission.

   Log in to the console as the IAM user, switch to a region where the permission takes effect, and verify the permission (assume that the user has only the Workspace ReadOnlyAccess permission).

   • Choose Service List > Workspace. On the Desktops page, perform operations other than query, such as starting, stopping, restarting, creating, modifying, and deleting a desktop.

     Take starting or stopping a desktop as an example. If a message indicating insufficient permissions is displayed, the Workspace ReadOnlyAccess permission has taken effect.

   • Choose any other service in the Service List, such as Virtual Private Cloud. If a message indicating insufficient permissions to access the service is displayed, the Workspace ReadOnlyAccess permission has taken effect.