Creating a User and Granting Permissions

This section describes how to use IAM to implement fine-grained permissions control for your enterprise switch resources. With IAM, you can:

Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to enterprise switch resources.
Grant only the permissions required for users to perform a specific task.
Entrust an account or a cloud service to perform professional and efficient O&M on your enterprise switch resources.

If your account does not require individual IAM users, skip over this section.

IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.

Figure 1 shows the procedure for granting permissions.

Prerequisites

You have learned about the permissions supported by Enterprise Switch and choose policies or roles according to your requirements. Enterprise Switch uses the same system permissions as VPC. For details, see Permissions Management. For permissions of other cloud services, see System Permissions.

Process Flow

Figure 1 Process for granting Enterprise Switch permissions

Create a user group and assign permissions.
Create a user group on the IAM console, and assign the VPCReadOnlyAccess policy to the group.
Create a user and add the user to the user group.
Create a user on the IAM console and add the user to the group created in 1.
Log in and verify permissions.
Log in to the Enterprise Switch console as the created user, switch to the authorized region, and verify the user permissions.
- Click Service List and choose Enterprise Switch. Then click Buy in the upper right corner. If the enterprise switch fails to be created, the VPCReadOnlyAccess permission has taken effect.
- Choose any other service in the Service List. If a message appears indicating that you have insufficient permissions to access the service, the VPCReadOnlyAccess policy has already taken effect.