Creating a User and Granting Permissions
You can use IAM to implement refined permission control for DAS resources. To be specific, you can:
- Create IAM users for employees from different departments of your enterprise. In this way, each IAM user has a unique security credential to use DAS resources.
- Grant only the permissions required for users to perform a specific task.
- Entrust an account or cloud service to perform professional and efficient O&M on your DAS resources.
If your account does not need individual IAM users, you may skip over this section.
Figure 1 describes how to grant permissions to a user group.
Before granting permissions to a user group, learn about the DAS system policies that can be added, as shown in Permissions Management. For the system policies of other services, see System Permissions.
- Create a user group and grant permissions to it.
Create a user group on the IAM console, and grant the DAS Administrator policy to the group.
- Create an IAM user.
Create a user on the IAM console and add the user to the group created in 1.
- Log in to the HUAWEI CLOUD console as the created IAM user, switch to the region where you have been authorized to use DAS, and verify permissions. For details about how to log in to the console, see Logging In as an IAM User.
- In the service list, select Data Admin Service. On the displayed DAS console, click Add Login. If login information can be successfully created, DAS policies have already taken effect.
- Select any other service, rather than DAS, in the Service List. If a message indicating insufficient permissions to access the service appears, DAS policies have already taken effect.