Help Center/ Cloud Phone Host/ User Guide/ Permission Management/ Permission Configuration Examples
Updated on 2024-07-31 GMT+08:00
View PDF
Share

Permission Configuration Examples

You can select roles and policies to grant permissions. This section provides common permission configuration examples. For details, see Creating a User and Granting CPH Permissions.

Examples of permission configurations:

Granting All Permissions

If you grant the all permissions of CPH to IAM users, grant the CPH FullAccess and DEW KeypairFullAccess policies and set custom policies for viewing, paying, and renewing orders. Figure 1 shows how to create a custom policy. For details about how to create a custom policy, see Creating a Custom Policy. Figure 2 shows how to grant all permissions of CPH.

Custom policy

{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "bss:renewal:update",
                "bss:balance:view",
                "bss:order:view",
                "bss:order:pay",
                "bss:order:update",
                "bss:renewal:view"
            ]
        }
    ]
}
Figure 1 All permissions-custom policy
Figure 2 Granting all permissions of CPH

Granting Operation Permissions

Operation permissions allow IAM users to operate but not to create or delete cloud phone servers or cloud phones. To grant the CPH operation permissions to IAM users, grant the CPH FullAccess policy and set a custom policy that denies the create and delete action. Figure 3 shows how to create a custom policy. For details about how to create a custom policy, see Creating a Custom Policy. Figure 4 shows how to grant the operation permissions.

Custom policy

{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Deny ",
            "Action": [
                "cph:servers:create ",
                "cph:servers:delete "
            ]
        }
    ]
}
Figure 3 Operation permissions-custom policy
Figure 4 Granting operation permissions

Granting Read-Only Permissions

To grant the CPH read-only permissions to IAM users, authorize the ReadOnlyAccess policy.

Figure 5 Granting read-only permissions

Granting Permissions to Perform Specified Operations

To grant an IAM user the permissions to perform specified operations on CPH, create a custom policy to allow or deny specified operations. Figure 6 shows how to create a custom policy. For details about how to create a custom policy, see Creating a Custom Policy.

Figure 6 Creating a custom policy to allow or deny specified operations
Parent topic: Permission Management