Updated on 2024-04-16 GMT+08:00

Creating a User and Granting Permissions

This section describes how to use IAM to implement fine-grained permissions control for your TMS resources. With IAM, you can:

  • Create IAM users for employees based on your organizational structure. Each IAM user has their own security credentials for accessing TMS resources.
  • Grant users only the permissions required to perform a given task based on their job responsibilities.
  • Entrust an account or a cloud service to perform operations on your TMS resources.

If your account does not need individual IAM users, skip this section.

Figure 1 shows the process flow for granting permissions.

Prerequisites

Before granting permissions, learn about the TMS permissions and select the permissions as required. For details about the system-defined permissions supported by TMS, see TMS Permissions. To grant permissions for other services, learn about all permissions.

Flowchart

Figure 1 Granting TMS permissions
  1. On the IAM console, create a user group and assign permissions to it. Here, TMS ReadOnlyAccess permissions are used as an example.
  2. Create an IAM user and add it to the created user group.

  3. Log in and verify permissions.

    The created user logs in to the console and verifies permissions as described below:

    • Choose Service List > Tag Management Service. In the navigation pane on the left, click Predefined Tags. In the upper right corner of the displayed page, click Create Tag. If a message appears indicating that you have insufficient permissions to perform the operation, and you can still view existing predefined tags on the Predefined Tags page, the TMS ReadOnlyAccess policy is in effect.
    • Choose another service from Service List. If a message appears indicating that you have insufficient permissions to access the service, the TMS ReadOnlyAccess policy is in effect.