- What's New
-
Service Overview(2.0)
- What Is APM
- Functions
- Application Scenarios
- Basic Concepts
- Edition Differences
- Permissions Management
-
Metric Overview
- Exception
- Basic Monitoring
-
Databases
- C3P0 Connection Pool Monitoring
- Cassandra Monitoring
- ClickHouse Database
- DBCP Connection Pool Monitoring
- Druid Connection Pool Monitoring
- EsRestClient Monitoring
- GaussDB Database
- HBase Monitoring
- Hikari Connection Pool Monitoring
- Jetcd Monitoring
- MongoDB Monitoring
- MySQL Database
- ObsClient Monitoring
- Oracle Database
- PostgreSQL Database
- URLs
- External Calls
- Cache
- Agent Monitoring
- Tomcat Monitoring
- Message Queues
- RPC
- IoT
- Communication Protocol
- Privacy and Sensitive Information Protection Statement
- Data Collection
- Usage Restrictions
- Billing
- JavaAgent Updates
- Billing(2.0)
- Getting Started(2.0)
-
User Guide(2.0)
- Before You Start
- Application List
- CMDB Management
-
Application Metric Monitoring
- Overview
- Application Monitoring Details
-
Application Monitoring Configuration
- Configuration Details
- Configuring the MySQL Monitoring Item
- Configuring the HttpClient Monitoring Item
- Configuring the URL Monitoring Item
- Configuring the JavaMethod Monitoring Item
- Configuring the Druid Monitoring Item
- Configuring the ApacheHttpAsyncClient Monitoring Item
- Configuring the Redis Monitoring Item
- Configuring the Jedis Monitoring Item
- Configuring the HBase Monitoring Item
- Configuring the ApacheHttpClient Monitoring Item
- Configuring the Tomcat Monitoring Item
- Configuring the EsRestClient Monitoring Item
- Configuring the WebSocket Monitoring Item
- Configuring the KafkaProducer Monitoring Item
- Configuring the Hikari Monitoring Item
- Configuring the Exception Monitoring Item
- Configuring the Thread Monitoring Item
- Configuring the GC Monitoring Item
- Configuring the JVMInfo Monitoring Item
- Configuring the JVMMonitor Monitoring Item
- Configuring ProbeInfo Monitoring Item
- Monitoring Item Views
- Instance
- Collection Status
- Component Settings
- Tracing
- Application Topology
- URL Tracing
- Resource Tag Management
- Managing Tags
- Alarm Management
- AgentAgent Management
- Configuration Management
- System Management
- Permissions Management
- Change History
-
API Reference(2.0)
- Before You Start
- API Overview
- Calling APIs
- Examples
-
APIs
-
APM
- Querying the application list.
- Querying the Master Address
- Obtaining the AK/SK
- Searching for Components, Environments, and Agents in a Region
- Saving a Monitoring Item
- Querying the Monitoring Item List
- Querying All Agents of an Application
- Enabling or Disabling Collection for an Instance
- Deleting an Agent
- REGION
- CMDB
-
VIEW
- Querying Monitoring Item Configurations
- Querying the Trace Topology
- Querying Event Details
- Querying Span Data
- Obtaining All Data of a Trace
- Obtaining the Trend Graph
- Obtaining Summary Table Data
- Obtaining the Raw Data Table
- Obtaining Raw Data Details
- Obtaining the Instance Information
- Obtaining the Monitoring Item Information
- Obtaining the Details About a Monitoring Item
- AKSK
- ALARM
- TOPOLOGY
- TRANSACTION
- TRACING
-
APM
- Permissions Policies and Supported Actions
- Appendix
- Change History
- Best Practices(2.0)
- FAQs(2.0)
- Service Overview(1.0)
- Getting Started(1.0)
- Best Practices(1.0)
- User Guide
- API Reference
- SDK Reference
-
FAQs
- General FAQs
- Consultation FAQs
-
Usage FAQs
- How Do I Obtain the AK/SK and Project ID?
- How Do I Obtain the AK/SK by Creating an Agency?
- What Can I Do If No Data Is Found or the Data Is Abnormal?
- How Do I Connect APM to Non-Web Programs?
- How Are Tracing Time Lines Drawn?
- How Does APM Collect Probe Data?
- How Does APM Collect Mesh Data?
- How Do I Calculate the Number of Used Instances?
- How Do I Connect the JBoss Server in Standalone Mode to APM?
- What Can I Do If I Cannot Search for Logs Based on Trace IDs?
- How Do I Deploy APM Probes in CCE Containers?
- What Can I Do If the SSH Tunnel Process Is Abnormal?
- How Can I Do If No Topology or Data Is Displayed After the ICAgent and Java Probes Are Installed?
- Why Are Tomcat Thread Metrics Not Displayed on the JVM Monitoring Page?
- Why Is the Allocated Memory Greater Than the Preset Maximum Memory on the JVM Monitoring Page?
- How Do I Determine Whether an ICAgent Has Been Bound in CCE?
-
More Documents
- User Guide (ME-Abu Dhabi Region)
- API Reference (ME-Abu Dhabi Region)
-
User Guide (2.0) (Kuala Lumpur Region)
-
Service Overview
- What Is APM
- Functions
- Application Scenarios
- Basic Concepts
- Edition Differences
- Permissions Management
-
Metric Overview
- Metric Overview
- Exception
- Basic Monitoring
-
Databases
- C3P0 Connection Pool Monitoring
- Cassandra Monitoring
- ClickHouse Database
- DBCP Connection Pool Monitoring
- Druid Connection Pool Monitoring
- EsRestClient Monitoring
- GaussDB Database
- HBase Monitoring
- Hikari Connection Pool Monitoring
- Jetcd Monitoring
- MongoDB Monitoring
- MySQL Database
- ObsClient Monitoring
- Oracle Database
- PostgreSQL Database
- URLs
- External Calls
- Cache
- Agent Monitoring
- Tomcat Monitoring
- Message Queues
- RPC
- IoT
- Communication Protocol
- Privacy and Sensitive Information Protection Statement
- Data Collection
- Usage Restrictions
- Getting Started
-
User Guide
- Before You Start
- Application List
- CMDB Management
-
Application Metric Monitoring
- Overview
- Application Monitoring Details
-
Application Monitoring Configuration
- Configuration Details
- Configuring the MySQL Monitoring Item
- Configuring the HttpClient Monitoring Item
- Configuring the URL Monitoring Item
- Configuring the JavaMethod Monitoring Item
- Configuring the Druid Monitoring Item
- Configuring the ApacheHttpAsyncClient Monitoring Item
- Configuring the Redis Monitoring Item
- Configuring the Jedis Monitoring Item
- Configuring the HBase Monitoring Item
- Configuring the ApacheHttpClient Monitoring Item
- Configuring the Tomcat Monitoring Item
- Configuring the EsRestClient Monitoring Item
- Configuring the WebSocket Monitoring Item
- Configuring the KafkaProducer Monitoring Item
- Configuring the Hikari Monitoring Item
- Configuring the Exception Monitoring Item
- Configuring the Thread Monitoring Item
- Configuring the GC Monitoring Item
- Configuring the JVMInfo Monitoring Item
- Configuring the JVMMonitor Monitoring Item
- Configuring ProbeInfo Monitoring Item
- Monitoring Item Views
- Tracing
- Application Topology
- URL Tracing
- Resource Tag Management
- Managing Tags
- Alarm Management
- Agent Management
- Configuration Management
- System Management
- Permissions Management
- FAQs
- Change History
-
Service Overview
- General Reference
Show all
Copied.
Creating a User and Granting Permissions
This chapter describes how to use IAM for fine-grained permissions control for your APM resources. With IAM, you can:
- Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing APM resources.
- Manage permissions on a principle of least permissions (PoLP) basis.
- Entrust an account or cloud service to perform efficient O&M on your APM resources.
If your account does not need individual IAM users, skip this chapter.
This section describes the procedure for granting permissions (see Figure 1).
Prerequisite
Learn about the permissions supported by APM and choose policies or roles based on your requirements. For details, see Permissions Management. For details about the system permissions of other services, see System-defined Permissions.
Process Flow
Supported Cloud Services
- Creating a User Group and Assigning Permissions
Create a user group on the IAM console, and assign the APM ReadOnlyAccess policy to the group.
- Creating an IAM User
Create a user on the IAM console and add the user to the group created in 1.
- Logging In as an IAM User and Verifying Permissions
Log in to the APM console using the created user, and verify that the user only has read permissions for APM.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot