Updated on 2024-09-27 GMT+08:00

Creating a User and Assigning Live Permissions

This section describes how to use IAM to implement refined permissions management for your Live resources. With IAM, you can:

  • Create IAM users for employees from different departments of your enterprise. In this way, each IAM user has a unique security credential to use Live resources.
  • Assign only the permissions required for users to perform a specific task.
  • Entrust a Huawei Cloud account or cloud service to perform efficient O&M on your Live resources.

If your Huawei Cloud account does not require individual IAM users, skip this section.

This section describes the procedure for assigning permissions. For details, see Figure 1.

Notes

  • Submit a service ticket to apply for permissions management in either of the following cases:
    • You created domain names in the AP-Singapore region before March 1, 2022.
    • You created domain names in the CN North-Beijing4 region before March 16, 2022.

    After permissions management is enabled, unauthorized IAM users cannot call Live APIs. Ensure that IAM users have been assigned the Live permissions.

  • If you use a custom policy instead of the system-defined permissions Live FullAccess and Live ReadOnlyAccess, you need to add the operation permission live:tenant:getTenantInformation to the policy before accessing the Live console.
  • After assigning an IAM user the Live FullAccess permission, you need to assign the user the following Cloud Eye permissions to monitor metrics of Live:
    • CES ReadOnlyAccess: On the Cloud Eye console, choose Cloud Service Monitoring > Live to view resource monitoring metrics of Live.
    • CES FullAccess: On the Cloud Eye console, choose Cloud Service Monitoring > Live to view resource monitoring metrics of Live and perform operations.
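
The custom-policy note above can be checked before a policy is attached. The following is an added example, not part of the original documentation: it reports whether a custom policy grants live:tenant:getTenantInformation. It assumes the IAM custom policy JSON layout (Version, Statement, Effect, Action), that * is the only wildcard in an action, and that an explicit Deny overrides an Allow. The function names and sample policies are constructed for illustration.

```python
import json
import re

# Action the note above requires for console access with a custom policy.
REQUIRED = "live:tenant:getTenantInformation"

def _matches(pattern, action):
    # Assumption: '*' is the only wildcard; every other character is literal.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action) is not None

def console_access(policy_json, action=REQUIRED):
    """Return 'allow', 'deny' or 'missing' for `action` in a custom policy."""
    policy = json.loads(policy_json)
    verdict = "missing"
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if not any(_matches(p, action) for p in actions):
            continue
        if stmt.get("Effect") == "Deny":
            return "deny"  # assumption: explicit Deny overrides any Allow
        if stmt.get("Effect") == "Allow":
            verdict = "allow"
    return verdict

# Constructed sample policies. Every action pattern other than REQUIRED is a
# placeholder, not a documented Live action name.
MISSING = json.dumps({"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": ["live:*:list*"]}]})
GRANTED = json.dumps({"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": ["live:*:list*", REQUIRED]}]})
WILDCARD = json.dumps({"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": "live:*:*"}]})
DENIED = json.dumps({"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": ["live:*:*"]},
    {"Effect": "Deny", "Action": ["live:tenant:*"]}]})

if __name__ == "__main__":
    for name in ("MISSING", "GRANTED", "WILDCARD", "DENIED"):
        print(name, console_access(globals()[name]))
```

A result of missing or deny means users holding only that policy cannot open the Live console.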

Prerequisites

Learn about the system-defined permissions on Live that can be assigned to a user group and assign the permissions as required.

Process Flow

Figure 1 Process for assigning read-only permissions on Live
  1. Creating a user group and assigning permissions

    Create a user group on the IAM console and assign it the Live ReadOnlyAccess policy.

  2. Creating a user and adding them to the user group

    Create a user on the IAM console and add the user to the user group created in step 1.

  3. Logging in as the user and verifying permissions

    Log in to the console as the created user, and select an authorized region to verify permissions:

    Choose Live in Media Services under All Services. On the Live console, choose Domains in the navigation pane to add a domain name. If a message is displayed indicating insufficient permissions for performing the operation, the Live ReadOnlyAccess policy has taken effect.