Help Center/ Direct Connect/ User Guide/ Permissions Management/ Creating a User and Granting Permissions
Updated on 2024-06-20 GMT+08:00

Creating a User and Granting Permissions

Use IAM to implement fine-grained permissions control for your Direct Connect resources. With IAM, you can:

  • Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to cloud resources.
  • Grant only the permissions required for users to perform a specific task.
  • Entrust another account or cloud service to perform professional and efficient O&M on your cloud resources.

Skip this part if your account does not require individual IAM users.

Figure 1 shows the process for granting permissions.

Prerequisites

Before you assign permissions to a user group, you need to understand Direct Connect permissions that can be assigned to the user group and select permissions based on actual requirements. For details about the system permissions of Direct Connect, see Permissions. For the system policies of other services, see System Permissions.

Process Flow

Figure 1 Process for granting Direct Connect permissions
  1. Create a user group and assign permissions.

    Create a user group on the IAM console and assign the Direct Connect Administrator policy to the group.

  2. Create a user and add the user to the user group

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in to the management console as the created user.

    Log in to the Direct Connect console using the created user and verify that the user has read-only permissions for Direct Connect.

    • In the service list, choose Networking > Direct Connect. Click Create Connection in the upper right corner. If the connection is successfully created, the Direct Connect Administrator policy has already taken effect.
    • Choose any other service in the Service List. A message will appear indicating that you have no sufficient permissions to access the service.