Creating a User and Granting Permissions

Use IAM to implement fine-grained permissions control over your BMSs. With IAM, you can:

Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to BMS resources.
Grant only the permissions required for users to perform a specific task.
Entrust a Huawei Cloud account or a cloud service to perform professional and efficient O&M on your BMS resources.

If your Huawei Cloud account does not need individual IAM users, you can skip over this section.

This section describes how to grant permissions to a user. Figure 1 shows the process.

Prerequisites

Learn about the system permissions (see ) supported by BMS and choose permissions based on your requirements. For the permissions of other services, see System Permissions.

Process Flow

Figure 1 Process for granting BMS permissions

Create a user group and grant permissions to it.
Create a user group on the IAM console, and grant the read-only permission to the group by assigning the BMS ReadOnlyAccess policy.
Create an IAM user and add the user to the group.
Create a user on the IAM console and add the user to the group created in 1.
Log in using the IAM user and verify permissions.
Log in to the management console using the IAM user, switch to a region where the permissions take effect, and verify the permissions.
- Choose Service List > Bare Metal Server. Then, click Buy BMS on the BMS console. If a message appears indicating insufficient permissions to perform the operation, the BMS ReadOnlyAccess policy has taken effect.
- Choose any other service in Service List. If a message appears indicating insufficient permissions to access the service, the BMS ReadOnlyAccess policy has taken effect.