Updated on 2024-07-26 GMT+08:00

Why Permissions Granted to a User Do Not Take Effect?

Symptom

Permissions that you grant to an IAM user do not take effect.

Troubleshooting

  1. Cause: Incorrect permissions were granted to the user group to which the user belongs.

    Solution: Ask the administrator to modify the permissions granted to the user group to which the IAM user belongs. For details, see "Viewing or Modifying User Group Information" in the Identity and Access Management User Guide. For details about permissions, see "System-defined Permissions".

  2. Cause: Actions are denied by the permissions granted to the user.

    View the system-defined permissions granted to the IAM user and check whether there is a policy statement that denies the action. For details, see "Policy Syntax" in the Identity and Access Management User Guide. If the system-defined permissions cannot meet your requirements, create a custom policy to allow the action. For details, see "Creating a Custom Policy" in the Identity and Access Management User Guide.

  3. Cause: The IAM user has not been added to the user group with permissions assigned.

    Solution: Add the user to the target user group as the administrator. For details, see "Adding Users to or Removing Users from a User Group" in the Identity and Access Management User Guide.

  4. Cause: For a regional service, the user group is not assigned with permissions in specific regions.

    Assign permissions to the user group in specific regions. If you have assigned the user only permissions for a default region-specific project, the user does not have permissions for the subprojects. In this case, assign permissions for the required subproject. For details, see "Creating a User Group and Assigning Permissions" in the Identity and Access Management User Guide.

  5. Cause: The IAM user has not switched to the region where the user has been authorized to use cloud resources.

    Remind the user to switch to the region where the user is authorized to use cloud resources. For details, see "Projects" in the Identity and Access Management User Guide.

  6. Cause: If the administrator has granted OBS permissions to the user, the permissions will take effect 15 to 30 minutes after the authorization.

    Check the permissions after 15 to 30 minutes and try again.

  7. Cause: The browser cache has not been cleared for a long time.

    Clear the browser cache and try again.

  8. Cause: If you have granted permissions to a user in both IAM and Enterprise Management, the permissions for enterprise projects may not take effect. IAM authentication takes precedence over Enterprise Management authentication.

    Modify the permissions of the user on the IAM console.

Related FAQ

Symptom: You have granted an IAM user only required permissions but the user has more permissions.

Possible causes:

  1. The required permissions you granted to the IAM user have dependency permissions, which are automatically assigned so that the required permissions can take effect for the user.
  2. You have granted other permissions to the IAM user in Enterprise Project Management. If you manage projects and users using IAM, cancel the permissions configured there. For details, see "Deleting Enterprise Projects That Are Managed by a User" in the Enterprise Management User Guide..