Help Center/ Enterprise Management/ User Guide/ Enterprise Center/ Permissions/ Using IAM to Grant Access to Enterprise Center/ Using IAM Roles or Policies to Grant Access to Enterprise Center
Updated on 2025-11-24 GMT+08:00
View PDF
Share

Using IAM Roles or Policies to Grant Access to Enterprise Center

Identity policy-based authorization provided by Identity and Access Management (IAM) let you control access to Enterprise Center. With IAM, you can:

  • Create IAM users or user groups for personnel based on your organizational structure. Each IAM user has their own identity credentials for accessing Enterprise Center.
  • Grant users only the permissions required to perform a given task based on their job responsibilities.
  • Entrust a Huawei Cloud account to perform efficient O&M on your Enterprise Center.

If your Huawei Cloud account meets your permissions requirements, you can skip this section.

Figure 1 shows the process flow of role/policy-based authorization.

Prerequisites

Before granting permissions to user groups, learn about Role/Policy-based Authorization for Enterprise Center. To grant permissions for other services, learn about all system-defined permissions supported by IAM.

Process Flow

Figure 1 Process of granting permissions to use Enterprise Center

  1. On the IAM console, create a user group and assign permissions (BSS Administrator as an example).

  2. On the IAM console, create an IAM user and add it to the user group created in 1.

  3. Log in to Enterprise Center as the IAM user.

    On the Organizations and Accounts page, create an organization. If the organization is created, the BSS Administrator policy is in effect.

Example Custom Identity Policies

You can create custom policies to supplement the system-defined policies of Enterprise Center. For details about actions supported in custom policies, see Actions Supported by Policy-based Authorization.

You can create custom policies in either of the following ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a JSON policy or edit an existing one.

For details, see Creating a Custom Policy. The following provides examples of custom policies for Enterprise Center.

  • Example 1: The policy for granting permissions to view organizations and accounts 
    {
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "bss:enterpriseOrganization:view",
            ],
            "Effect": "Allow"
        }
    ]
}
  • Example 2: The policy for granting permissions to modify organizations and accounts, modify organization accounting information, and view expenditure overview

    A custom policy can contain the actions of multiple services that are at the same level (global or project). The following is an example policy containing multiple actions:

    {
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "bss:enterpriseOrganization:update",
                "bss:enterpriseFinance:update",
                "bss:bill:view",
            ],
            "Effect": "Allow"
        }
    ]
}