Creating a User and Granting Permissions

This section describes how to use IAM to implement fine-grained permissions control for your ServiceStage resources. With IAM, you can:

Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials for access to ServiceStage resources.
Grant only the permissions required for users to perform a task.
Entrust an account or cloud service to perform professional and efficient O&M on your ServiceStage resources.

If your account does not require individual IAM users, skip this section.

This section describes the procedure for granting permissions (see Figure 1).

Prerequisites

Before assigning permissions to user groups, you should learn about ServiceStage policies and select the policies based on service requirements. For details about system permissions supported by ServiceStage, see Permissions Management.

For the system policies of other services, see Permissions Policies.

Process Flow

Figure 1 Process for granting ServiceStage permissions

Create a user group and grant permissions to it.
Create a user group on the IAM console, and assign the ServiceStage ReadOnlyAccess policy to the group.
Create a user.
Create a user on the IAM console and add the user to the group created in 1.
Log in and verify permissions.
Log in to the ServiceStage console as the created user, and verify that it only has read permissions for ServiceStage.
- Select ServiceStage from Service List. Choose Application Management > Application List from the navigation tree. On the page that is displayed, click Create Application. If a message appears indicating insufficient permissions to access the service, the ServiceStage ReadOnlyAccess policy has already taken effect.
- Choose any other service in Service List. If a message appears indicating insufficient permissions to access the service, the ServiceStage ReadOnlyAccess policy has already taken effect.