Help Center/ CodeArts/ User Guide/ Preparations/ Configuring CodeArts Console Permissions/ Granting CodeArts Console Permissions Using IAM/ Using IAM Roles or Policies to Grant Access to CodeArts Console
Updated on 2026-01-12 GMT+08:00
View PDF
Share

Using IAM Roles or Policies to Grant Access to CodeArts Console

System-defined permissions in Role/Policy-based Permissions Management provided by IAM let you control access to the CodeArts console. With IAM, you can:

  • Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing the CodeArts console.
  • Grant only the permissions required for users to perform a specific task.
  • Entrust a HUAWEI ID or a cloud service to perform efficient O&M on your CodeArts console.

If your HUAWEI ID does not require individual IAM users, you can skip this section.

This section describes the RBAC method. See Figure 1 for the process of granting permissions.

Prerequisites

Learn about the permissions supported by the CodeArts console in Role/Policy-based Permissions Management and select them according to your requirements. To grant permissions for other services, learn about all system-defined permissions supported by IAM.

Process Flow

Figure 1 Process of granting permissions for the CodeArts console
  1. On the IAM console, create a user group and grant it permissions (DevCloud Console ReadOnlyAccess as an example).

    Create a user group on the IAM console and assign the DevCloud Console ReadOnlyAccess permissions to the group.

  2. Create an IAM user and add it to the created user group.

    On the IAM console, create a user and add it to the user group created in 1.

  3. Log in and verify permissions.

    In the authorized region, perform the following operations:

    Choose CodeArts in Service List, and then choose Enterprise Account Authorization in the navigation pane. Click Authorize Enterprise Account, and enter an account ID. If a message is displayed indicating that you cannot access the page, the DevCloud Console ReadOnlyAccess policy has already taken effect.

Example Custom Policies for the CodeArts Console

You can create custom policies to supplement the system-defined policies of the CodeArts console.

To create a custom policy, choose either visual editor or JSON.

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a policy in the JSON format from scratch or based on an existing policy.

For details, see Creating a Custom Policy. The following section contains examples of common custom policies for the CodeArts Console.

  • Example 1: Allowing users to authorize enterprise accounts 
    {
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "devcloud:authorization:create"
            ]
        }
    ]
}
  • Example 3: Defining permissions for multiple services in a policy

    A custom policy can contain the actions of multiple services that are all of the global or project-level type. The following is an example policy containing actions of multiple services:

    { 
        "Version": "1.1", 
        "Statement": [ 
                { 
                        "Action": [ 
                                "devcloud:monthlyPackage:listResourceDetail", 
                                "ecs:cloudServers:delete"
                        ], 
                        "Effect": "Allow" 
                } 
        ] 
}
Parent Topic: Granting CodeArts Console Permissions Using IAM