Creating a User and Granting SDRS Permissions

This chapter describes how to use IAM to implement fine-grained permissions control for your SDRS resources. With IAM, you can:

Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing SDRS resources.
Grant only the permissions required for users to perform a task.
Entrust HUAWEI CLOUD accounts or cloud services to perform efficient O&M on your ECS resources.

If your HUAWEI CLOUD account does not need individual IAM users, skip over this section.

This section describes the procedure for granting permissions (see Figure 1).

Prerequisites

Before assigning permissions to user groups, you should learn about the system-defined roles and policies listed in Supported system roles. For the system policies of other services, see System Permissions.

Process Flow

Figure 1 Process for granting SDRS permissions

Create a user group and assign permissions to it.
Create a user group on the IAM console, and attach the SDRS Administrator and VPC Administrator policies to the group.
Create an IAM user.
Create a user on the IAM console and add the user to the group created in 1.
Log in and verify permissions.
Log in to the SDRS console as the created user, and verify the user's permissions for SDRS.
- Choose Service List > Storage Disaster Recovery Service. Click Create Protection Group on the SDRS console. If a protection group can be successfully created, the SDRS Administrator policy has already taken effect.
- Choose another service in the Service List. If a message appears indicating insufficient permissions to access the service, the SDRS Administrator policy has already taken effect.
- Create a disaster recovery drill and select Automatically create for the drill VPC. If the drill is successfully created, the VPC Administrator policy has already taken effect.