Creating a User and Granting SFS Permissions

This chapter describes how to use IAM to implement fine-grained permissions control for your SFS resources. With IAM, you can:

Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing SFS resources.
Grant only the permissions required for users to perform a specific task.

If your cloud account does not require individual IAM users, skip this section.

This section describes the procedure for granting permissions (see Figure 1).

Learn about the permissions (see Permissions) supported by SFS and choose policies or roles according to your requirements.

All system-defined policies and custom policies are supported in SFS Capacity-Oriented file systems.
Both system-defined policies and custom policies are supported in SFS Turbo file systems.

Figure 1 Process for granting SFS permissions

Create a user group and assign permissions to it.
Create a user group on the IAM console, and attach the SFS ReadOnlyAccess or SFS Turbo ReadOnlyAccess policy to the group.
Create a user and add it to a user group.
Create a user on the IAM console and add the user to the group created in 1.
Log in and verify permissions.
Log in to the SFS console using the created user, and verify that the user only has read permissions for SFS.
- Choose Scalable File Service. Click Create File System on the SFS console. If a message appears indicating that you have insufficient permissions to perform the operation, the SFS ReadOnlyAccess or SFS Turbo ReadOnlyAccess policy has already taken effect.
- Choose any other service. If a message appears indicating that you have insufficient permissions to access the service, the SFS ReadOnlyAccess or SFS Turbo ReadOnlyAccess policy has already taken effect.