Creating a User and Granting Permissions
This section describes how to use Identity and Access Management (IAM) to implement fine-grained permissions control for your CAE resources. With IAM, you can:
- Create IAM users for employees from different departments of your enterprise. In this way, each IAM user has a unique security credential to use CAE resources.
- Grant only the permissions required for users to perform a specific task.
- Entrust an account or cloud service to perform efficient O&M on your CAE resources.
If your account does not require individual IAM users, skip this section.
This section describes the procedure for granting permissions, as shown in Figure 1.
Prerequisites
Learn about the permissions supported by CAE and choose permissions as required. For details about system permissions supported by CAE, see Permissions Management.
For details about the permissions of other services, see System Permissions.
Process Flow
- Create a user group and assign permissions.
Create a user group on the CAE console, and grant the CAE ReadOnlyAccess policy to the group.
- Create an IAM user.
Create a user on the IAM console and add the user to the group created in 1.
- Log in and verify permissions.
Log in to the CAE console as the created user, and verify that the user only has read permissions for CAE.
- In Service List, choose Cloud Application Engine. On the CAE console, choose Components > Create Component. If a message appears indicating insufficient permissions after you click Create and Deploy Component, the CAE ReadOnlyAccess policy has taken effect.
- Choose any other service in Service List. If a message appears indicating insufficient permissions, the CAE ReadOnlyAccess policy has taken effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
