System-defined permissions in role/policy-based authorization provided by Identity and Access Management (IAM) let you control access to Billing Center. With IAM, you can:
- Create IAM users based on your enterprise's organizational structure. Each IAM user has their own security credentials for accessing Billing Center.
- Grant users only the permissions required to perform a given task based on their job responsibilities.
- Entrust a HUAWEI ID to perform efficient O&M on your Billing Center.
If your HUAWEI ID meets your permissions requirements, you can skip this section.
Figure 1 shows the process flow of role/policy-based authorization.
Process Flow
Figure 1 Process of using identity policy-based authorization to grant permissions to use Billing Center
- On the IAM console, create a user group and grant it permissions (BSS ReadonlyAccess as an example).
- Create an IAM user and add it to the created user group.
On the IAM console, create a user and add it to the user group created in 1.
- Log in as the IAM user and verify permissions.
Use the created IAM user to log in to Billing Center, and verify that the IAM user can make payments.
Choose Funds Management > Pay page. Then, make payments. If a message appears indicating that you have insufficient permissions to perform the operation, the BSS ReadonlyAccess policy is in effect.
Example Custom Policies for Billing Center
You can create custom policies to supplement the system-defined policies of Billing Center. For details about actions supported in custom policies, see Actions Supported by Policy-based Authorization.
You can create custom policies in either of the following ways:
- Visual editor: Select cloud services, actions, resources, and conditions. This does not require knowledge of policy syntax.
- JSON: Create a JSON policy or edit an existing one.
For details, see Creating a Custom Policy. The following provides examples of custom policies in Billing Center.
