Updated on 2023-09-13 GMT+08:00

Permissions Management

If you need to assign different permissions to employees in your enterprise to control their access to your cloud resources, you can use Identity and Access Management (IAM) for fine-grained permissions management. IAM provides functions such as identity authentication, permissions management, and access control.

With IAM, you can create IAM users and assign permissions to the users to control their access to specific resources.

If your HUAWEI ID does not need individual IAM users for permissions management, skip this section.

IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.

Enterprise Switch Permissions

By default, new IAM users do not have any permissions assigned. You need to add them to one or more groups and attach roles to these groups so that these users can inherit permissions from the groups and perform specified operations on cloud services.

Enterprise Switch is a project-level service deployed and accessed in specific physical regions. You need to select a project such as ap-southeast-2 for which the permissions will be granted. If you select All projects, the permissions will be granted for all the projects. You need to switch to the authorized region before accessing Enterprise Switch.

Enterprise Switch uses the same system permissions as VPC. Table 1 lists all the system-defined roles and policies supported by VPC. VPC roles can depend on other roles. When assigning VPC roles to users, you also need to assign the dependent roles listed in Table 1 for the VPC permissions to take effect.

Table 1 System-defined permissions for VPC

| Policy Name | Description | Policy Type | Dependencies |
|---|---|---|---|
| VPC FullAccess | Full permissions for VPC | System-defined policy | To use the VPC flow log function, users must also have the LTS ReadOnlyAccess permission. |
| VPC ReadOnlyAccess | Read-only permissions on VPC. | System-defined policy | None |
| VPC Administrator | Most permissions on VPC, excluding creating, modifying, deleting, and viewing security groups and security group rules. To be granted this permission, users must also have the Tenant Guest permission. | System-defined role | Tenant Guest policy, which must be attached in the same project as VPC Administrator. |
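The Dependencies column of Table 1 can be checked mechanically before access is handed over. The following audit script is an added example, not part of the original documentation or of any IAM tooling. The group names, the project name example-project-b and the assignment tuples are constructed, and it assumes that a grant made for All projects also satisfies a dependency in each individual project.

```python
from collections import defaultdict

ALL_PROJECTS = "All projects"

# Dependencies column of Table 1: permission -> [(dependency, kind)].
DEPENDENCIES = {
    "VPC Administrator": [("Tenant Guest", "required")],
    "VPC FullAccess": [("LTS ReadOnlyAccess", "flow-log-only")],
}


def audit(assignments):
    """Return a finding for every (group, permission, project) tuple whose
    dependency is not granted to the same group in the same project."""
    granted = defaultdict(set)  # (group, project) -> permissions granted there
    for group, permission, project in assignments:
        granted[(group, project)].add(permission)

    findings = []
    for group, permission, project in assignments:
        for dependency, kind in DEPENDENCIES.get(permission, []):
            # Assumption: an "All projects" grant also covers each project.
            in_scope = granted[(group, project)] | granted[(group, ALL_PROJECTS)]
            if dependency not in in_scope:
                findings.append((group, project, permission, dependency, kind))
    return findings


# Constructed sample data: (group, permission, project).
SAMPLE = [
    ("net-admins", "VPC Administrator", "ap-southeast-2"),
    ("net-admins", "Tenant Guest", "ap-southeast-2"),      # same project: OK
    ("net-ops", "VPC Administrator", "ap-southeast-2"),
    ("net-ops", "Tenant Guest", "example-project-b"),      # wrong project
    ("platform", "VPC Administrator", "ap-southeast-2"),
    ("platform", "Tenant Guest", ALL_PROJECTS),            # covers every project
    ("auditors", "VPC ReadOnlyAccess", ALL_PROJECTS),      # no dependency
    ("flow-log-team", "VPC FullAccess", "ap-southeast-2"), # flow logs need LTS
]

if __name__ == "__main__":
    for group, project, permission, dependency, kind in audit(SAMPLE):
        print(f"{group} @ {project}: {permission} lacks {dependency} ({kind})")
```

A "flow-log-only" finding matters only if the group is expected to use the VPC flow log function; a "required" finding means the VPC Administrator role will not take effect as assigned.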