Creating a User and Assigning Permissions
You can use IAM for fine-grained permissions control on MAS resources. With IAM, you can:
- Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials for accessing MAS resources.
- Grant only the permissions required for users to perform a specific task.
- Entrust an account of Huawei Cloud or cloud service to perform efficient O&M on your MAS resources.
If your Huawei Cloud account does not need IAM users, you can skip this section.
This section describes the procedure for assigning permissions (see Figure 1).
- Create a user group and assign permissions to it.
Create a user group on the IAM console, and grant the MAS ReadOnlyAccess permission to MAS.
- Create an IAM user.
Create a user on the IAM console and add the user to the group created in 1.
- Log in and verify permissions.
Log in to the MAS console as the created user, and verify that the user has the granted read permissions.
- Choose Service List > Multi-Site High Availability Service. Then click Buy Multi-Active Instance on the MAS console. If a message appears indicating that you have insufficient permissions to perform the operation, the MAS ReadOnlyAccess policy has already taken effect.
- Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the MAS ReadOnlyAccess policy has already taken effect.
Prerequisites
Before assigning permissions to user groups, learn MAS system policies.
For the system policies of other services, see System-defined Permissions.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
