Updated on 2024-04-17 GMT+08:00

Creating a User and Granting Permissions

Scenarios

This section describes how to use Identity and Access Management (IAM) to implement fine-grained permissions control over your images. With IAM, you can:

  • Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own identity credentials for accessing images.
  • Grant only the permissions required for users to perform a specific task.
  • Entrust an account or cloud service to perform professional and efficient O&M on your images.

If your account does not need individual IAM users for permissions management, you can skip this section.

This section uses the IMS ReadOnlyAccess permission as an example to describe how to grant permissions to a user. Figure 1 shows the process.

Prerequisites

Learn about the permissions (see IMS Permissions) supported by IMS.

Process Flow

Figure 1 Process for granting IMS permissions
  1. Create a user group and grant permissions to it.

    Create a user group on the IAM console, and grant the read-only permission to the group by assigning the IMS ReadOnlyAccess permission.

  2. Create an IAM user and add it to the user group.

    Create a user on the IAM console and add the user to the group created in step 1.

  3. Log in and verify permissions.

    Log in to the management console using the IAM user, switch to a region where the permissions take effect, and verify the permissions (assume that the user has only the IMS ReadOnlyAccess permission).

    • In the Service List, choose Image Management Service. On the IMS console, try operations other than querying images, such as creating, modifying, or deleting an image.

      For example, click Create Private Image in the upper right corner. If a message appears indicating insufficient permissions, the IMS ReadOnlyAccess permission has taken effect.

    • Choose any other service in the Service List, such as Virtual Private Cloud. If a message appears indicating insufficient permissions to access the service, the IMS ReadOnlyAccess permission has taken effect.