Updated on 2025-11-27 GMT+08:00

Using IAM Identity Policies to Grant Access to KooPhone

You can use Identity and Access Management (IAM) to perform identity policy-based permissions management for your KooPhone resources. With IAM, you can:

  • Create users or user groups for employees from different functional departments based on your enterprise's organizational structure using your Huawei ID. Each employee has their own identity credentials for accessing KooPhone resources.
  • Grant users only the permissions required to perform a given task based on their job responsibilities.
  • Entrust a Huawei Cloud account or a cloud service to perform professional and efficient O&M on your KooPhone resources.

If your Huawei Cloud account meets your requirements, you can skip this section.

Figure 1 shows the process flow of identity policy-based authorization.

Prerequisites

Before granting permissions, learn about system-defined permissions for KooPhone and select the permissions as needed. For details about the system-defined identity policies supported by KooPhone, see Identity Policy-based Permissions Management. To grant permissions for other services, learn about all system-defined permissions supported by IAM.

Process Flow

Figure 1 Process for granting KooPhone permissions

To grant the KooPhone permissions, perform the following steps:

  1. Create an IAM user or create a user group.

    Log in to the IAM console and create a user or user group.

  2. Attach an identity policy to a principal.

    Assign or attach the system-defined identity policy with read-only permissions or all permissions to the user or user group.

  3. Log in as an IAM user and verify the user's permissions.

    Log in to the KooPhone console as an authorized user. On the Overview page, if you can view the instance list, the KooPhone ReadOnlyUser permission has taken effect. If you can purchase UNI Cloud Terminal, the KooPhone Administrator role with all operation permissions has taken effect.

Example Custom Identity Policies

You can create custom identity policies to supplement the system-defined identity policies of KooPhone. For details about actions supported in custom identity policies, see Identity policy.

Currently, Huawei Cloud supports the following methods to create a custom identity policy:

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a JSON policy or edit an existing one.

For details, see Creating a Custom Identity Policy.

The following provides example custom identity policies for KooPhone.

  • Example 1: Allowing users to view available SKUs
    {
      "Version": "5.0",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "koophone:cloudphoneresource:querySku"
          ]
        }
      ]
    }
  • Example 2: Allowing users to view available SKUs and unsubscribed instances
    {
      "Version": "5.0",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "koophone:cloudphoneresource:onDemandDelete",
            "koophone:cloudphoneresource:querySku"
          ]
        }
      ]
    }
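
One way to review a custom identity policy against least privilege before attaching it, shown as an added example that is not part of the original documentation or any Huawei Cloud tooling. The function name `review_policy` and the allowlist `APPROVED_VIEW_ONLY` are hypothetical; the two policies are the examples above, embedded as constructed input.

```python
import json

# Constructed inputs: the two example policies from this page.
EXAMPLE_1 = ('{"Version": "5.0", "Statement": [{"Effect": "Allow", '
             '"Action": ["koophone:cloudphoneresource:querySku"]}]}')
EXAMPLE_2 = ('{"Version": "5.0", "Statement": [{"Effect": "Allow", "Action": ['
             '"koophone:cloudphoneresource:onDemandDelete", '
             '"koophone:cloudphoneresource:querySku"]}]}')

# Hypothetical allowlist: actions a reviewer has approved for a view-only job role.
APPROVED_VIEW_ONLY = {"koophone:cloudphoneresource:querySku"}


def review_policy(policy_text, approved_actions):
    """Return a list of findings; an empty list means every allowed action is approved."""
    try:
        policy = json.loads(policy_text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(policy, dict):
        return ["policy must be a JSON object"]
    findings = []
    if policy.get("Version") != "5.0":  # version string used by the page's examples
        findings.append(f"unexpected Version: {policy.get('Version')!r}")
    statements = policy.get("Statement")
    if not isinstance(statements, list) or not statements:
        return findings + ["Statement must be a non-empty list"]
    for i, stmt in enumerate(statements):
        if not isinstance(stmt, dict) or stmt.get("Effect") not in ("Allow", "Deny"):
            findings.append(f"Statement[{i}]: needs an Effect of Allow or Deny")
            continue
        if stmt["Effect"] == "Deny":
            continue  # a Deny statement cannot widen access
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            # Assumption: anything with "*" is treated as too broad to compare by name.
            if not isinstance(action, str) or "*" in action:
                findings.append(f"Statement[{i}]: wildcard or non-string action {action!r}")
            elif action not in approved_actions:
                findings.append(f"Statement[{i}]: {action!r} is not in the approved set")
    return findings


if __name__ == "__main__":
    for name, text in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2)):
        print(name, review_policy(text, APPROVED_VIEW_ONLY) or "OK")
```

Run against the page's examples with a view-only allowlist, Example 1 passes and Example 2 is reported because it also allows `koophone:cloudphoneresource:onDemandDelete`.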