Permissions Management
You can free use Identity and Access Management (IAM) to manage OMS permissions and assign different permissions to your employees, to ensure secure access to your resources.
You can create IAM users for your employees, and assign permissions to these users to control their access to specific resources. For example, you can create IAM users for software developers and assign specific permissions to allow them to use OMS resources but disallow them to delete the resources or perform any high-risk operations.
If your Huawei Cloud account does not need individual IAM users for permissions management, you can skip this section.
For more information about IAM, see IAM Service Overview.
OMS Permissions
By default, new IAM users do not have any permissions. To assign permissions to these new users, you need to add them to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services.
When accessing OMS, the users need to switch to the authorized region.
When assigning OMS permissions to a user group, you need to specify region-specific projects where the permissions will take effect. If you select All projects, the permissions will take effect for the user group in all region-specific projects.
Because services on Huawei Cloud interact with each other, the OMS roles are dependent on the roles of other services. Therefore, when assigning OMS roles to a user, you need to also assign the dependent roles to the user for the OMS permissions to take effect.
Table 1 lists all system-defined roles of OMS.
Source Permissions
The following uses an OBS bucket on Huawei Cloud as the source bucket. If your source bucket is on another cloud service platform, contact engineers of the cloud service platform.
- Listing buckets
- Obtaining bucket locations
- Listing objects
- Obtaining object metadata
- Obtaining object content
For details about how to obtain these permissions, see Source Permissions.
Destination Permissions
- Listing buckets
- Obtaining bucket locations
- Listing objects
- Obtaining object metadata
- Obtaining object content
- Listing uploaded parts
- Restoring archive objects
For details about how to obtain these permissions, see Destination Permissions.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
