Help Center> Anti-DDoS> Service Overview> Accessing and Using Anti-DDoS> Permission Management
Updated on 2022-02-22 GMT+08:00
View PDF

Permission Management

If you need to assign different permissions to employees in your enterprise to access your Anti-DDoS resources, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your HUAWEI CLOUD resources.

With IAM, you can use your HUAWEI CLOUD account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types. For example, some software developers in your enterprise need to use Anti-DDoS resources but must not delete them or perform any high-risk operations. To achieve this result, you can create IAM users for the software developers and grant them only the permissions required for using Anti-DDoS resources.

If your HUAWEI CLOUD account does not need individual IAM users for permissions management, skip this topic.

IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see the IAM Service Overview.

Anti-DDoS Permissions

By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups they belong to. After authorization, the user can perform specified operations on Anti-DDoS based on the permissions.

Anti-DDoS is a project-level service deployed in specific physical regions. Therefore, Anti-DDoS permissions are assigned to users in specific regions and only take effect for these regions. If you want the permissions to take effect for all regions, you need to assign the permissions to users in each region. When accessing Anti-DDoS, the users need to switch to a region where they have been authorized.

Table 1 lists all the system policies supported by Anti-DDoS. For example, some Anti-DDoS policies are dependent on the policies of other services. When assigning Anti-DDoS permissions to users, you need to also assign depending policies for the Anti-DDoS permissions to take effect.

Table 1 Anti-DDoS system policies

Policy Name

Description

Dependencies

Anti-DDoS Administrator

Administrator permissions for Anti-DDoS.

This role depends on the Tenant Guest role.

Tenant Guest: a global role, which must be assigned in the Global project