Permission Dependency of the AAD Console
When using AAD, you may need to view resources of or use other cloud services. So you need to obtain required permissions for dependent services so that you can view resources or use AAD functions on AAD Console. To that end, make sure you have the AAD FullAccess or AAD ReadOnlyAccess assigned first. For details, see Creating a User and Granting the AAD Access Permission.
Dependency Policy Configuration
To grant an IAM user the permissions to view or use resources of other cloud services on the AAD console, you must first grant the CAD Administrator, AAD FullAccess, or AAD ReadOnlyAccess policy to the user group to which the user belongs and then grant the dependency policies listed in the table below to the user. The dependency policies in Table 1 will allow the IAM user to access resources of other cloud services.
Console Function |
Dependent Service |
Roles or Policy |
---|---|---|
Adding a domain name. |
Cloud Certificate Manager (CCM) |
If the origin server uses the HTTPS forwarding protocol, pulling certificates requires the SCM ReadOnlyAccess permission. |
Configuring AAD logs |
Log Tank Service (LTS) |
The LTS ReadOnlyAccess system policy is required to select log group and log stream names created in LTS. |
Enabling alarm notifications |
Simple Message Notification (SMN) |
The SMN ReadOnlyAccess system policy is required to obtain SMN topic groups. |
Configuring instance tags |
Tag Management Service (TMS) |
Tag keys can be created only after the TMS FullAccess system policy is added. |
Purchasing an AAD instance |
Enterprise Project Management Service (EPS) |
You can select an enterprise project when purchasing an instance only after adding the EPS ReadOnlyAccess system policy. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot