Permissions Management
You can use IMS for free to manage SMS permissions and grant your employees with different permissions, to ensure secure access to your resources.
With IAM, you can use your account to create IAM users for your employees, and grant permissions to the users to control their access to specific resources of various types.
For example, you can create IAM users for software developers and assign specific permissions to allow them to use SMS but disallow them to delete the resources or perform any high-risk operations.
If your account does not need individual IAM users for permissions management, skip this section.
SMS Permissions
By default, new IAM users do not have any permissions assigned. To assign permissions to these new users, you need add them to one or more groups, and attach permission policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services.
SMS is a global service deployed for all physical regions. SMS permissions are assigned to users in the Global project, and the users do not need to switch regions when accessing SMS.
Table 1 lists all the system-defined policies and roles of SMS. The cloud platform services interwork with each other, and some SMS roles are dependent on the roles of other services. When assigning SMS permissions to users, you need to also assign dependent roles for the SMS permissions to take effect.
Operation |
SMS FullAccess (Global) |
OBS OperateAccess (OBS) |
ECS FullAccess |
VPC FullAccess |
|---|---|---|---|---|
Creating migration tasks |
√ |
x |
√ |
√ |
Viewing migration progresses |
√ |
x |
x |
x |
IAM supports two types of policies: system-defined policies and custom policies.
- If an IAM user needs all SMS permissions, attach the preceding system-defined policies to the user group to which the user has been added.
- If an IAM user only needs some SMS permissions, you can create custom policies and attach these policies to the user group to which the user has been added.
For details, see Creating a User and Assigning Permissions.
Compared with system-defined policies, custom policies provide more fine-grained and secure permissions control.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
