Help Center/ Web3 Node Engine Service/ User Guide/ Permissions Management/ Creating a User and Granting NES Permissions
Updated on 2023-12-05 GMT+08:00

Creating a User and Granting NES Permissions

This topic describes how to use Identity and Access Management (IAM) to implement fine-grained permissions control for your NES resources. With IAM, you can:

  • Create IAM users for employees based on your organizational structure. Each IAM user will have their own security credentials for accessing NES resources.
  • Grant only the permissions required for users to perform a specific task.
  • Entrust a Huawei Cloud account or cloud service to perform efficient O&M on your NES resources.

If your Huawei Cloud account does not require individual IAM users, skip this section.

This section describes the procedure for granting user permissions. Figure 1 shows the process flow.

Prerequisites

Learn about the permissions (see Permissions Management) supported by NES and choose policies or roles according to your requirements. For the system permissions of other services, see System-defined Permissions.

Process

Figure 1 Process for granting NES permissions

  1. Create a user group and assign permissions.

    Create a user group on the IAM console, and assign the BCS Administrator policy to the group.

    • If you select BCS Administrator, you also need to select the following dependent permissions: Tenant Guest, Server Administrator, ELB Administrator, SFS Administrator, SWR Admin, APM FullAccess, AOM FullAccess, CCE Administrator, VPC Administrator, EVS Administrator, and CCE Cluster Admin.
    • Contact the account administrator to obtain the operation permissions on other services.
  2. Create a user and add them to the user group.

    Create a user on the IAM console and add the user to the user group created in 1.

  3. Log in and verify permissions.

    Log in to the console as the created user, and verify that the user has the NES operating permissions.