IAM User Permissions
With IAM, you can grant fine-grained permissions to IAM users under your account by configuring permission policies.
The following table lists the permissions that are required for IAM users to use different MgC functions. For details about how to configure permission policies, see Creating a Custom Policy.
|
Function |
Permission |
|---|---|
|
Configuring a server purchase template |
vpc:vpcs:list (Listing VPCs) vpc:subnets:get (Querying subnets or querying details about a subnet) vpc:publicIps:list (Querying EIPs) vpc:securityGroups:get (Querying security groups or querying details about a security group) eps:enterpriseProjects:list (Listing enterprise projects) ecs:availabilityZones:list (Listing AZs) |
|
Creating a server migration workflow |
vpc:vpcs:list (Listing VPCs) vpc:vpcs:get (Querying VPC details) vpc:subnets:get (Querying subnets or querying details about a subnet) vpc:publicIps:list (Querying EIPs) vpc:publicIps:get (Querying details about an EIP) vpc:securityGroups:get (Querying security groups or querying details about a security group) eps:enterpriseProjects:list (Listing enterprise projects) eps:enterpriseProjects:get (Querying details about an enterprise project) |
|
Getting server recommendations |
ecs:cloudServerFlavors:get (Querying details about flavors and extended flavor information) ecs:cloudServers:list (Querying details about ECSs) ecs:cloudServers:showServer (Query details about an ECS) ecs:flavors:get (Querying ECS flavors) ims:images:list (Querying images) ims:images:get (Querying details about an image) evs:volumes:list (Querying EVS disks) evs:types:get (Querying EVS disk types) |
|
Creating a Cross-AZ migration workflow |
ecs:availabilityZones:list (Listing AZs) |
|
Configuring Product Mappings for TCO Analysis |
ecs:cloudServerFlavors:get (Querying details about flavors and extended flavor information) ims:images:list (Querying images) evs:types:get (Querying EVS disk types) |
|
Creating a storage migration workflow |
Tenant Guest (read-only permissions for all cloud services except IAM) OMS Administrator (full permissions for OMS) |
|
Creating a migration cluster |
Tenant Guest (read-only permissions for all cloud services except IAM) OMS Administrator (full permissions for OMS) nat:natGateways:list (Querying NAT gateways) smn:topic:list (Querying a topic) |
|
Creating an Agency |
iam:agencies:listAgencies (Querying agencies based on specified conditions) iam:roles:listRoles (Listing permissions) iam:quotas:listQuotas (Listing quotas) iam:permissions:listRolesForAgency (Listing permissions of an agency) iam:agencies:createAgency (Creating an agency) iam:permissions:grantRoleToAgency (Granting specified permissions to an agency) iam:roles:createRole (Creating a custom policy) iam:roles:updateRole (Modifying a custom policy) |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
