Help Center/ Media Processing Center/ User Guide/ Permissions Management/ Creating a User and Granting MPC Permissions
Updated on 2022-03-17 GMT+08:00

Creating a User and Granting MPC Permissions

This chapter describes how to use IAM to implement fine-grained permissions control for your MPC resources. With IAM, you can:

  • Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing MPC resources.
  • Grant only the permissions required for users to perform a specific task.
  • Entrust a HUAWEI CLOUD account or cloud service to perform efficient O&M on your MPC resources.

If your HUAWEI CLOUD account does not require individual IAM users, skip this chapter.

This section describes the procedure for granting permissions (see Figure 1).

MPC System Permissions

By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.

MPC is a project-level service deployed and accessed in specific physical regions. To assign MPC permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing MPC, the users need to switch to a region where they have been authorized to use the MPC service.

Currently, the system role of MPC is MPC Administrator, which has all of the permissions for MPC.

For the permissions of other services, see System Permissions.

Prerequisites

Learn about the permissions (see MPC System Permissions) supported by MPC and choose policies or roles according to your requirements.

Process Flow

Figure 1 Process for granting MPC read-only permissions
  1. Create a user group and assign permissions to it.

    Create a user group on the IAM console, and attach the MPC Administrator policy to the group.

  2. Create an IAM user.

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in and verify permissions.
    Log in to the console by using the user created, and verify that the user only has read permissions for MPC.
    • Choose Service List > Media Processing Center. If all functions work well, the MPC Administrator policy has already taken effect.
    • Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the MPC Administrator policy has already taken effect.