Updated on 2024-02-21 GMT+08:00

Creating a Permission Set

A permission set is a template created and maintained by an administrator. It defines one or more IAM policies. Permission sets simplify the assignment of account access for users and groups in IAM Identity Center. With permission sets, you do not need to configure permissions for accounts individually.

Creating permission sets is mandatory. For an IAM Identity Center user to log in to the management console and access resources of multiple accounts, the user must be associated with permission sets. Otherwise, the user cannot access any resources after login.

IAM provides system-defined policies to define common actions supported by cloud services. When creating a permission set, you can directly choose from these IAM system-defined policies. System-defined policies cannot be modified. You can create a custom identity policy or custom policy in IAM Identity Center to supplement system-defined policies. For details about system-defined policies for all cloud services, see System-defined Permissions.

A permission set can include a maximum of 18 system-defined policies, one custom identity policy, and one custom policy.

Procedure

  1. Log in to the Huawei Cloud console.
  2. Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center.
  3. In the navigation pane, choose Multi-Account Permissions > Permission Sets.
  4. Click Create Permission Set in the upper right corner of the page.

    Figure 1 Creating a permission set

  5. In the Set Permission Set Details step, configure details about the permission set and click Next.

    Figure 2 Setting permission set details

    Table 1 Permission set details

    | Parameter | Description |
    |---|---|
    | Name | Name of a permission set. The value is user-defined and must be unique. |
    | Session Duration | The length of time a user can be logged in to the console. When the login time exceeds the configured session duration, the user is automatically logged out. To continue, the user must log in again. |
    | Initial Access Page | Initial page that a user accesses after logging in to the console using the user portal URL. For example, if you enter the IAM console URL, users will access the IAM console after login. |
    | Description | Description of a permission set. |

  6. In the Set Policy step, configure system-defined policies, custom identity policies, and custom policies for the permission set and click Next.

    If you enable Identity Policy, only system-defined policies and custom identity policies are displayed.

    • System-defined policies: You can select system-defined policies preconfigured in IAM Identity Center, including policies and identity policies.
    • Custom identity policies: You can create custom identity policies in the visual editor or in JSON view to supplement system-defined identity policies.
    • Custom policies: You can create custom policies only in JSON view to supplement system-defined policies.

    Figure 3 Setting policies

  7. In the Confirm step, confirm the configuration and click OK in the lower right corner.

    Figure 4 Confirming configurations

    By default, newly created permission sets are not attached to any accounts. Their status will change to Attached after you attach them to accounts.
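
The limits stated above (18 system-defined policies, one custom identity policy, one custom policy, a unique name) and the Identity Policy restriction in the Set Policy step can be checked before a permission set is entered in the console. The following Python check is an added example, not Huawei Cloud code; the `spec` schema, the field names, and the sample values are assumptions made up for illustration.

```python
import json

# Limits stated on this page for one permission set.
LIMITS = {"system_policies": 18, "custom_identity_policies": 1, "custom_policies": 1}


def check_permission_set(spec, existing_names):
    """Return the problems found in one permission set definition.

    `spec` follows a hypothetical schema made up for this example, not a
    Huawei Cloud API format: name, identity_policy_enabled, and one list
    per key of LIMITS (policy names, or JSON strings for custom ones).
    """
    problems = []
    name = spec.get("name", "").strip()
    if not name:
        problems.append("name is empty")
    elif name in existing_names:
        problems.append(f"name {name!r} is already in use")

    for field, limit in LIMITS.items():
        count = len(spec.get(field, []))
        if count > limit:
            problems.append(f"{field}: {count} exceeds the limit of {limit}")

    # Assumption: a policy type the console hides while Identity Policy is
    # enabled cannot be part of the set.
    if spec.get("identity_policy_enabled") and spec.get("custom_policies"):
        problems.append("custom_policies set while Identity Policy is enabled")

    # Assumption: custom policy bodies are stored as JSON objects.
    for field in ("custom_identity_policies", "custom_policies"):
        for i, body in enumerate(spec.get(field, [])):
            try:
                if not isinstance(json.loads(body), dict):
                    problems.append(f"{field}[{i}] is not a JSON object")
            except json.JSONDecodeError as exc:
                problems.append(f"{field}[{i}] is not valid JSON: {exc.msg}")
    return problems


# Constructed sample: duplicate name, 19 system-defined policies, and a
# custom policy with Identity Policy enabled.
SAMPLE = {"name": "Admins", "identity_policy_enabled": True,
          "system_policies": [f"ExamplePolicy{i}" for i in range(19)],
          "custom_policies": ['{"Statement": []}']}

if __name__ == "__main__":
    print("\n".join(check_permission_set(SAMPLE, {"Admins"})))
```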