What Can I Do If the System Displays a Message Indicating Insufficient Permissions When I Click Configure on the Server Monitoring Page?

Symptoms

When an IAM user clicked Configure on the Server Monitoring page, a message indicating insufficient permissions was displayed.

Probable Causes

The IAM agency permissions are not configured for the IAM user.

Procedure

1. Add a policy for querying the agencies.
   1. Log in to the Huawei Cloud management console using an account or IAM user that has the permissions to create custom policies and grant permissions to other IAM users.
   2. Ensure that the account has been granted the Agent permissions for the region by performing the following operations: On the Cloud Eye console, choose Server Monitoring > Elastic Cloud Server. Check whether Configure is displayed above the ECS list.
      • If no, the Agent permissions have been granted for the region.
      • If yes, click Configure to enable the Agent permissions for the region.
   3. Hover your mouse over the username in the upper right corner and choose Identity and Access Management from the drop-down list.
   4. In the navigation pane, choose Permissions > Policies/Roles. Search for the CES agency policy CES AgencyCheck Access. If the policy can be found, grant permissions by referring to Step 2. If the policy does not exist, perform the following steps to create a custom policy:
      1. Click Create Custom Policy in the upper right corner.
         1. Configure the following parameters:
            • Policy Name: Specify a custom policy name.
            • Policy View: Select JSON.
            • Policy Content: Copy the following code and paste it to the text box.

              {
                  "Version": "1.1",
                  "Statement": [
                      {
                          "Action": [
                              "iam:agencies:createAgency",
                              "iam:agencies:getAgency",
                              "iam:agencies:listAgencies",
                              "iam:permissions:grantRoleToAgency",
                              "iam:permissions:grantRoleToAgencyOnDomain",
                              "iam:permissions:grantRoleToAgencyOnProject",
                              "iam:permissions:listRolesForAgency",
                              "iam:permissions:listRolesForAgencyOnDomain",
                              "iam:permissions:listRolesForAgencyOnProject",
                              "iam:permissions:revokeRoleFromAgency",
                              "iam:permissions:revokeRoleFromAgencyOnDomain",
                              "iam:permissions:revokeRoleFromAgencyOnProject",
                              "iam:roles:createRole",
                              "iam:roles:listRoles",
                              "iam:roles:updateRole"
                          ],
                          "Effect": "Allow"
                      }
                  ]
              }

            • Description: (Optional) Provide supplementary information about the policy.
         2. Confirm the policy content(see Figure 1) and click OK to save the policy.
            Figure 1 Create Custom Policy
            

2. Assign permissions to the IAM user.
   1. In the navigation pane, choose User Groups, locate the user group that contains the IAM user, and choose Authorize in the Operation column.

      

   2. Search for the added custom policy name or CES AgencyCheck Access, select the policy, and click Next.

      

   3. Select Global services and click OK.

      

   4. If Authorization successful is displayed, click Finish.