What Can I Do If the System Displays a Message Indicating Insufficient Permissions When I Click Configure on the Server Monitoring Page?

Symptoms

When you click Configure on the Server Monitoring page as an IAM user account, a message is displayed, indicating that you do not have the required permissions. In this case, the administrator needs to grant the agency query permissions for the user account.

Procedure

1. Add a custom policy for querying the agencies.
   1. Use the Huawei Cloud account to log in to the Huawei Cloud management console.
   2. Ensure that the Huawei Cloud account has been granted the Agent permissions for the region. On the Cloud Eye console, choose Server Monitoring > Elastic Cloud Server. Check whether Configure is displayed above the ECS list.
      • If it is not, the Agent permission has been granted for the region.
      • If it is, click Configure to enable the Agent permissions for the region.
   3. On the management console, hover your mouse over the username in the upper right corner, and choose Identity and Access Management from the drop-down list.
   4. In the navigation pane on the left, choose Permissions. In the upper right corner of the displayed page, click Create Custom Policy.
   5. Enter the following information to create a policy:
      • Policy Name: Specify a custom policy name.
      • Scope: Select Global services.
      • Policy View: Select JSON.
      • Policy Content: Copy the following code and paste it to the text box.

        {
            "Version": "1.1",
            "Statement": [
                {
                    "Action": [
                        "iam:roles:listRoles", 
                        "iam:permissions:listRolesForAgencyOnProject", 
                        "iam:agencies:listAgencies", 
                        "iam:agencies:getAgency",
                        "iam:agencies:createAgency", 
                        "iam:permissions:grantRoleToAgency", 
                        "iam:permissions:grantRoleToAgencyOnProject", 
                        "iam:permissions:revokeRoleFromAgencyOnProject", 
                        "iam:permissions:grantRoleToAgencyOnDomain",
                        "iam:permissions:revokeRoleFromAgencyOnProject", 
                        "iam:permissions:revokeRoleFromAgency", 
                        "iam:permissions:revokeRoleFromAgencyOnDomain"
                    ],
                    "Effect": "Allow"
                }
            ]
        }

      • (Optional) Description: Provide supplementary information about the policy.
   6. Confirm the policy content and click OK to save the policy.
      Figure 1 Create Custom Policy
      

2. Assign permissions to the user account.
   1. On the IAM console, in the navigation pane on the left, choose User Groups, locate the row containing the user group the user account belongs to, and choose More > Manage Permissions in the Operation column.
   2. Click Assign Permissions. On the page displayed, search for the created custom policy, select it, and click OK.
      Figure 2 Assign Permissions