Help Center> Tag Management Service> Service Overview> User Permissions
Updated on 2024-04-11 GMT+08:00
View PDF

User Permissions

You have permissions to manage users and resources.

  • You add users to user groups so that users can inherit permissions attached to user groups which they are in.
  • You can control which resources and what actions a user can access.

To use resource tags, you must have the corresponding permissions on the cloud service. Otherwise, the tag operations on cloud resources may not take effect.

Contact the system administrator to assign the corresponding cloud service permissions to the user group to which you belong.

If you need to perform operations on tags of cloud resources on TMS console, you must have related permissions for viewing, creating, and deleting resource tags and required permissions for the services to which the resources belong. Modify a resource tag involves a process of deleting the old tag and then creating a new tag (with the same tag key but different tag values). So, to modify a cloud resource tag, you must have both related TMS permissions and service permissions to delete and create tags.

  • For system-defined permissions: If you need to add or delete tags for ECS resources on TMS console, both TMS FullAccess permissions and ECS FullAccess permissions are required.
  • For custom permissions: If you need to view ECS resources and tags on the TMS console, not only tms:resourceTags:list permissions, but ecs:servers:getTags and ecs:servers:get permissions are required.

For details about all system-defined permissions of services supported by IAM, see System-defined Permissions. For more information about fine-grained permissions of each service, see corresponding documentations of each service.