Creating a User and Granting GaussDB(DWS) Permissions

This section describes how to use Identity and Access Management (IAM) to implement fine-grained permissions control for your GaussDB(DWS) resources. With IAM, you can: With IAM, you can:

Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to GaussDB(DWS) resources.
Grant only the permissions required for users to perform specific tasks.
Entrust a Huawei Cloud account or service to perform professional and efficient O&M on your GaussDB(DWS) resources.

If your Huawei Cloud account does not need individual IAM users, you may skip this section.

This section describes the procedure for granting permissions (see Procedure).

Prerequisites

Before assigning permission policies to a user group, you need to understand the GaussDB(DWS) permission policies. For details about the system policies supported by GaussDB(DWS), see Supported System Policies. For the system policies of other services, see System-defined Permissions.

Procedure

Figure 1 Procedure

Create a user group and assign permissions to it.
Use the HUAWEI CLOUD account to log in to the IAM console, create a user group, and attach the DWS ReadOnlyAccess policy to the group.
Create a user and add it to a user group.
Create a user on the IAM console and add the user to the group created in Step 1.
Log in and verify permissions.
Log in to the management console by using the user created and verify the user permissions.
- Choose Service List > Data Warehouse Service to enter the GaussDB(DWS) management console, and click Create DWS Cluster to create a data warehouse cluster. If you cannot create one, the DWS ReadOnlyAccess policy has taken effect.
- Choose any other service in Service List. If only the DWS ReadOnlyAccess policy is added and a message is displayed indicating that you have insufficient permission to access the service, DWS ReadOnlyAccess has taken effect.