Using IAM Identity Policies to Grant Access to CodeArts Console
System-defined permissions in Identity Policy-based Permissions Management provided by IAM let you control access to the CodeArts console. With IAM, you can:
- Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing the CodeArts console.
- Grant only the permissions required for users to perform a specific task.
- Entrust a HUAWEI ID or a cloud service to perform efficient O&M on your CodeArts console.
If your HUAWEI ID meets your permissions requirements, you can skip this section.
This section describes the ABAC method. See Figure 1 for the process of granting permissions.
Prerequisites
Learn about the permissions supported by the CodeArts console and select them according to your requirements. For system-defined policies supported by the CodeArts console, see Identity Policy-based Permissions Management. To grant permissions for other services, learn about all system-defined permissions supported by IAM.
Process Flow
- On the IAM console, create an IAM user or create a user group.
- Attach a system-defined policy to the user or user group.
Assign the permissions defined in the system-defined identity policy CODEARTSReadOnlyPolicy to the user or group, or attach the system-defined identity policy to it.
- Log in and verify permissions.
Log in to the console as an authorized user and test the permissions.
Choose CodeArts in Service List, and then choose Enterprise Account Authorization in the navigation pane. Click Authorize Enterprise Account, and enter an account ID. If a message is displayed indicating that you cannot access the page, the CODEARTSReadOnlyPolicy policy has already taken effect.
Example Custom Policies for the CodeArts Console
You can create custom identity policies to supplement the system-defined identity policies of the CodeArts console. To create a custom policy, choose either visual editor or JSON.
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Create a policy in the JSON format from scratch or based on an existing policy.
For details, see Creating a Custom Identity Policy and Attaching It to a Principal.
The following section contains examples of common custom policies for the CodeArts Console.
- Example 1: Allowing users to authorize enterprise accounts
    {
        "Version": "5.0",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "codearts:authorization:create"
                ]
            }
        ]
    }
- Example 2: Defining permissions for multiple services in a policy
A custom policy can contain the actions of one or more services. The following is an example policy containing actions of multiple services:
    {
        "Version": "5.0",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "codearts:monthlyPackage:listResourceDetail",
                    "codearts:cloudide:viewUsage"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "ecs:cloudServers:createServers",
                    "ecs:cloudServers:listServersDetails"
                ]
            }
        ]
    }
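A least-privilege review of the example policies above, as an added example that is not part of the original documentation: it groups every allowed action by service and flags wildcards and actions whose operation name does not start with a read-style verb. The function name `review_policy`, the read-verb list, and the treatment of `*` as a wildcard are assumptions of this example, not IAM definitions.

```python
import json
from collections import defaultdict

# Assumption of this example: operations starting with these verbs are read-only.
READ_PREFIXES = ("list", "view", "get", "show")

# Constructed input: the multi-service policy from Example 2 on this page.
POLICY = """
{"Version": "5.0", "Statement": [
  {"Effect": "Allow", "Action": ["codearts:monthlyPackage:listResourceDetail",
                                 "codearts:cloudide:viewUsage"]},
  {"Effect": "Allow", "Action": ["ecs:cloudServers:createServers",
                                 "ecs:cloudServers:listServersDetails"]}
]}
"""


def review_policy(policy_text):
    """Return (actions_by_service, findings) for an identity policy document.

    findings is a list of (statement_index, action, reason) tuples, where
    reason is "wildcard" or "non-read".
    """
    policy = json.loads(policy_text)
    by_service = defaultdict(list)
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # only Allow statements widen what a principal can do
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            # Actions on this page have the form service:resource:operation.
            service, _, rest = action.partition(":")
            by_service[service].append(action)
            operation = rest.rsplit(":", 1)[-1]
            if "*" in action:
                findings.append((idx, action, "wildcard"))
            elif not operation.startswith(READ_PREFIXES):
                findings.append((idx, action, "non-read"))
    return dict(by_service), findings


if __name__ == "__main__":
    services, findings = review_policy(POLICY)
    print("services granted:", sorted(services))
    for idx, action, reason in findings:
        print(f"statement {idx}: {action} ({reason})")
```

Run against Example 2, the review shows that the policy reaches beyond CodeArts into ECS and that the only non-read action it grants is `ecs:cloudServers:createServers`.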
