Help Center > > User Guide> Permissions Management> Creating a User and Granting Permissions

Creating a User and Granting Permissions

Updated at: May 14, 2020 GMT+08:00

This section describes how to use a group to grant permissions to a user.

Process Flow

  1. Create a user group and grant permissions to it.

    Create a user group on the IAM console, and attach the DAS Administrator policy to the group.

  2. Create an IAM user.

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in and verify permissions.

    Log in to the DAS console as the created user, and verify that it only has the administrator permissions for DAS.

Prerequisites

Before assigning permissions to user groups, you should learn about the system policies listed in Supported System Policies. For the system policies of other services, see Permission Policies.

Table 1 Supported System Policies

Policy Name

Description

Dependency

DAS Administrator

DAS administrator

This permission is the basic permission that must be added when DAS is used.

Dependent on the Tenant Guest policy.

Tenant Guest: A global read-only policy at a project-level, which must be assigned in the same project.

To use DAS to manage your RDS databases, you also need to add required RDS permissions.

Table 2 Dependent permissions

Policy Name

Description

Policy Type

Dependency

RDS Admin

Full permissions for RDS

Fine-grained policy

None

RDS Viewer

Read-only permissions for RDS

Fine-grained policy

None

RDS Administrator

Administrator permissions for RDS

RBAC policy

Dependent on the Tenant Guest and Server Administrator policies.

Process Flow

Figure 1 Process for granting DAS permissions
  1. Create a user group and grant permissions to it.

    Create a user group on the IAM console, and attach the DAS Administrator policy to the group.

  2. Create an IAM user.

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in to the DAS console by using the created user, and verify that the user only has read permissions for DAS.
    • Choose Service List > Data Admin Service. Then, click Add Login on the DAS console. If a message appears indicating that you have insufficient permissions to perform the operation, the DAS Viewer policy has already taken effect.
    • Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the DAS Viewer policy has already taken effect.

Create User Group

User groups facilitate centralized user management and streamlined permissions management. Users in the same user group have the same permissions. Users created in IAM inherit permissions from the groups to which they belong.

  1. Log in to HUAWEI CLOUD and click Console in the upper right corner.
  2. On the management console, click the username in the upper right corner and then choose Identity and Access Management.
  3. On the IAM console, choose User Groups in the navigation pane. Then click Create User Group.
  4. Enter a user group name (for example, Developers), and click OK.

    The user group is then displayed in the user group list.

  5. Click OK.

    You can create a maximum of 20 user groups. If the current resource quota cannot meet your requirements, you can apply for a higher quota.

Assign Permissions to a User Group

The following is the procedure of assigning permissions to a user group.

  1. In the user group list, click Manage Permissions in the same row as Developers.
  2. On the Group Permissions tab, click Assign Permissions above the policy or project list.

  3. Select a project type for authorization. If you select Region-specific projects, select one or more projects in the drop-down list.

    Region-specific projects: Project-level services must be deployed in specific physical regions. Permissions for these services can be assigned and take effect only for specific regions. If you want a permission to take effect for all regions, assign it in all these regions.

  4. Select policies or roles and click OK.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel