Help Center/ Log Tank Service/ User Guide/ Granting LTS Permissions to IAM Users
Updated on 2024-12-05 GMT+08:00

Granting LTS Permissions to IAM Users

You can use Identity and Access Management (IAM) for fine-grained permissions control for your LTS. With IAM, you can:

  • Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing LTS resources.
  • Grant users only the permissions required to perform a given task based on their job responsibilities.
  • Entrust a Huawei Cloud account or a cloud service to perform efficient O&M on your LTS resources.

If your Huawei Cloud account does not require individual IAM users, you can skip this section.

Figure 1 shows the process flow of role/policy-based authorization.

Prerequisites

Before granting permissions to user groups, learn about system-defined permissions in Permissions for LTS.

Process Flow

Figure 1 Process of granting LTS permissions
  1. Log in to the IAM console. Create a user group on the IAM console and assign the LTS FullAccess permissions to the group. For details, see Creating a User Group and Assigning Permissions.

    If you select the LTS FullAccess permissions, the Tenant Guest policy that the permission depends on is automatically selected. You also need to grant the Tenant Administrator policy for the global service project to the user group.

  2. Create a user on the IAM console and add the user to the user group created in 1. For details, see Creating an IAM User.
  3. Log in to the LTS console as the created user, switch to the authorized region, and verify your permissions by performing operations on the console. For details, see Logging In as an IAM User.