Help Center/ Cost Center/ User Guide/ Permissions Management/ Using IAM to Grant Access to Cost Center/ Using IAM Roles or Policies to Grant Access to Cost Center
Updated on 2025-11-24 GMT+08:00
View PDF
Share

Using IAM Roles or Policies to Grant Access to Cost Center

System-defined permissions in Role/Policy-based Authorization provided by Identity and Access Management (IAM) let you control access to Cost Center. With IAM, you can:

  • Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing Cost Center.
  • Grant users only the permissions required to perform a given task based on their job responsibilities.
  • Entrust a Huawei Cloud account to perform efficient O&M on your Cost Center.

If your Huawei Cloud account meets your permissions requirements, you can skip this section.

Figure 1 shows the process flow of role/policy-based authorization.

Prerequisites

Before granting permissions to user groups, learn about system-defined permissions in Role/Policy-based Permissions Management for Cost Center. To grant permissions for other services, learn about all system-defined permissions supported by IAM.

Process Flow

Figure 1 Process of granting Cost Center permissions using role/policy-based authorization
  1. On the IAM console, create a user group and grant it permissions (BSS Administrator as an example).

    Create a user group on the IAM console and assign the BSS Administrator permissions to the group.

  2. Create an IAM user and add it to the created user group.

    On the IAM console, create a user and add it to the user group created in 1.

  3. Log in as the IAM user and verify permissions.

    Log in to Cost Center as the IAM user and verify whether the user is allowed to export cost details.

    Choose Cost Analysis > Cost Analysis. On the displayed page, click export records. If the export is successful, the BSS Administrator permission is in effect.

Example Custom Policies

You can create custom policies to supplement the system-defined policies of Cost Center. For details about actions supported in custom policies, see Actions Supported by Policy-based Authorization.

To create a custom policy, choose either visual editor or JSON.

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a JSON policy or edit an existing one.

For details, see Creating a Custom Policy. The following provides examples of custom Cost Center policies.

  • Example 1: Grant permission to view cost analyses and add/modify budget reports. 
    {
    "Version": "5.0",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "costCenter:costAnalysis:listCosts",
                "costCenter:budget:configBudgetReport"
            ]
        }
    ]
}
  • Example 2: Grant permission to view cost analyses and configure cost budgets in Cost Center, and export the bill summary in Billing Center.

    A custom policy can contain the actions of one or multiple services that are of the same type (global or project-level).

    Example policy containing multiple actions:

    {
    "Version": "5.0",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "costCenter:costAnalysis:listCosts",
                "costCenter:budget:configBudget"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "billing:bill:export"
            ]
        }
    ]
}