IAM User Permissions
With IAM, you can configure permission policies to grant IAM users in your account fine-grained MgC permissions, enabling effective permission isolation.
The following table lists the permissions that are required for IAM users to use different MgC functions. For details about how to grant specific permissions to IAM users, see Creating a Custom Policy.
Function |
Required Permissions |
---|---|
Configuring a server purchase template |
vpc:vpcs:list (Listing VPCs) vpc:subnets:get (Querying subnets or querying details about a subnet) vpc:securityGroups:get (Querying security groups or querying details about a security group) eps:enterpriseProjects:list (Listing enterprise projects) ecs:availabilityZones:list (Listing AZs) |
Manually configuring target server specifications |
ecs:cloudServerFlavors:get (Querying details about flavors and extended flavor information) evs:types:get (Querying EVS disk types) ims:images:list (Listing images) ims:images:get (Querying details about an image) |
Associating source servers with existing target servers |
evs:volumes:list (Listing EVS disks) ecs:cloudServers:list (Querying details about ECSs) ecs:cloudServers:showServer (Querying details about an ECS) ims:images:get (Querying details about a specified image) |
Importing target resource configurations during the design of server migration plans |
obs:bucket:ListBucket (Listing objects in a bucket) obs:bucket:ListAllMyBuckets (Listing buckets) |
Creating a server migration workflow |
vpc:vpcs:list (Listing VPCs) vpc:vpcs:get (Querying VPC details) vpc:subnets:get (Querying subnets or querying details about a subnet) vpc:securityGroups:get (Querying security groups or querying details about a security group) eps:enterpriseProjects:list (Listing enterprise projects) eps:enterpriseProjects:get (Querying details about an enterprise project) kms:cmk:list (Listing keys) kms:cmk:get (Querying key information) kms:dek:create (Creating a DEK) kms:dek:decrypt (Decrypting a DEK) sms:server:migrationServer (Migrating a source server) sms:server:queryServer (Querying source servers) smn:topic:list (Listing topics) |
Getting server recommendations |
ecs:cloudServerFlavors:get (Querying details about flavors and extended flavor information) ecs:cloudServers:list (Querying details about ECSs) ims:images:list (Listing images) ims:images:get (Querying details about an image) evs:volumes:list (Listing EVS disks) evs:types:get (Querying EVS disk types) |
Creating a cross-az migration workflow |
ecs:availabilityZones:list (Listing AZs) smn:topic:list (Listing topics) |
Configuring product mappings for TCO analysis |
ecs:cloudServerFlavors:get (Querying details about flavors and extended flavor information) ims:images:list (Listing images) evs:types:get (Querying EVS disk types) |
Configuring target buckets in an object storage migration plan |
obs:bucket:ListAllMyBuckets (Listing buckets) |
Creating a storage migration workflow |
OMS Administrator (Full permissions for OMS) smn:topic:list (Listing topics) smn:topic:updateNotifyPolicy (Granting the permissions to modify notification policies) smn:topic:update (Granting the permissions to update a topic, including adding subscriptions) |
Creating a migration cluster |
OMS Administrator (Full permissions for OMS) nat:natGateways:list (Listing NAT gateways) vpc:vpcs:list (Listing VPCs) vpc:subnets:get (Querying subnets or querying details about a subnet) vpc:publicIps:list (Listing EIPs) ecs:cloudServerFlavors:get (Querying details about flavors and extended flavor information) |
Authorizing an agency |
iam:agencies:listAgencies (Querying agencies based on specified conditions) iam:roles:listRoles (Listing permissions) iam:quotas:listQuotas (Listing quotas) iam:permissions:listRolesForAgency (Listing permissions of an agency) iam:agencies:createAgency (Creating an agency) iam:permissions:grantRoleToAgency (Granting specified permissions to an agency) iam:roles:createRole (Creating a custom policy) iam:roles:updateRole (Modifying a custom policy) iam:permissions:revokeRoleFromAgency (Revoking permissions from an agency) |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot