Creating Users and Assigning DLV Permissions

Updated on 2024-06-21 GMT+08:00

View PDF

This section describes how to use IAM to implement fine-grained permissions control for your DLV resources. With IAM, you can:

Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to DLV resources.
Grant only the permissions required for users to perform a specific task.
Entrust a Huawei Cloud account or service to perform professional and efficient O&M on your DLV resources.

If your Huawei Cloud account does not need individual IAM users for permissions management, then you may skip over this chapter.

This section describes the procedure for granting permissions. Permission Assigning Process shows the procedure. You can use either of the following methods to grant DLV permissions to a user:

Creating Users and Assigning Permissions of DLV Workspace Roles
Creating Users and Assigning All DLV Permissions

Prerequisites

Before granting permissions to a user, learn about the DLV workspace roles and permissions that can be assigned to the user and select the roles and permissions based on the site requirements. For details about the roles and permissions supported by DLV, see Permissions Management.
For the system policies of other services, see System Permissions.

Permission Assigning Process

Figure 1 Process for assigning DLV roles to users
Click to enlarge

Creating Users and Assigning Permissions of DLV Workspace Roles

Create a user.

Log in to the IAM console and create a user.
Adding Workspace Members and Roles

Log in to the DLV console as the user created in 1 and add the user as a member and role of the workspace to be authorized. Assume that only the visitor role of the DLV workspace is granted to the user.
Log in and verify the permissions.

Log in to the DLV console by using the user created, and verify the granted permissions of the user as follows:
- Log in to the DLV console and switch to the authorized workspace. On the Screens page, click New Screen to create a screen. If the screen cannot be created, the visitor role has taken effect.
- In the service list area, select any service except DLV (assume that policies of other services are not granted to the user). If a message appears indicating that you have no permission to access the service, the visitor role has taken effect.

Creating Users and Assigning All DLV Permissions

To grant an IAM user permission to create a workspace, you need to grant the IAM user the DLV FullAccess policy, so that the user can perform all permissions on DLV. You can grant DLV policies to a user group. In this way, after you add a user to the user group, the user will have the corresponding permissions.

Create a user.

Log in to the IAM console and create a user.
Create a user group and assign permissions to it.

Create a user group on the IAM console, and assign the DLV FullAccess permission to the group.
NOTE:
- The DLV FullAccess permission is not granted to the existing users. To obtain this permission, log in to the IAM console and grant the permission to the existing users.
Add a user to a user group.

On the IAM console, add the user created in 1 to the user group.
Log in and verify the permissions.

Log in to the DLV console by using the user created, and verify the granted permissions of the user.
- Log in to the DLV console and click on the Workspace page to create a workspace. If a workspace can be created, the DLV FullAccess permission has taken effect.
- In the service list area, select any service except DLV. If a message appears indicating that you have no permission to access the service, the DLV FullAccess permission has already taken effect.