Creating a User and Granting Permissions

IAM enables you to perform a refined management on your Cloud Eye service. It allows you to:

Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing Cloud Eye resources.
Grant different permissions to IAM users based on their job responsibilities.
Entrust an account or a cloud service to perform efficient O&M on your Cloud Eye resources.

If your account does not require individual IAM users, skip this topic.

This topic describes the procedure for granting permissions (see Figure 1).

Prerequisites

Before assigning permissions to a user group, you need to understand the Cloud Eye system policies that can be added to the user group and select a policy as required.

For details about the system policies supported by Cloud Eye and the comparison between these policies, see Permissions.

Process Flow

Figure 1 Process for granting Cloud Eye permissions

Create a user group and assign permissions.
Create a user group on the IAM console, and attach the CES Administrator, Tenant Guest, and Server Administrator policies to the group.
- Cloud Eye is a region-specific service and must be deployed in specific physical regions. Cloud Eye permissions can be assigned and take effect only in specific regions. If you want a permission to take effect for all regions, assign it in all these regions. The global permission does not take effect.
- The preceding permissions are all Cloud Eye permissions. For more refined Cloud Eye permissions, see Permissions Management.
Create a user on the IAM console and add the user to the group created in 1.
Log in and verify permissions.
Log in to the Cloud Eye console as the created user, and verify that the user only has the CES Administrator permissions.