Help Center> Identity and Access Management> User Guide (Kuala Lumpur Region)> Getting Started> Step 1: Create User Groups and Assign Permissions
Updated on 2022-08-18 GMT+08:00
View PDF

Step 1: Create User Groups and Assign Permissions

Company A has three functional teams, including the management (admin group), development, and test teams. The default group admin is generated after company A's administrator registers an account. The administrator needs to create another two groups in IAM for the development and test teams.

Creating User Groups

  1. Log in to the management console, and choose Identity and Access Management.
  2. Log in to the console as an administrator.
  3. On the IAM console, choose User Groups and click Create User Group.
  4. Enter Developers for Name, and click OK.
  5. Repeat steps 3 and 4 to create the Testers group.

Assigning Permissions to User Groups

Developers in company A need to use ECS, RDS, ELB, VPC, EVS, and OBS, so the administrator needs to assign the required permissions to the Developers group to enable access to these services. Testers in this company need to use APM, so the administrator needs to assign the required permissions to the Testers group to enable access to the service. After permissions are assigned, users in the two groups can access the corresponding services. For details about the permissions of all cloud services, see "Permissions".

  1. Determine the permissions policies to be attached to each user group.

    Determine the policies (see Table 1). Regions are geographic areas where services are deployed. If a project-level service policy is attached to a user group for a project in a specific region, the policy takes effect only for that project.

    Table 1 Required permissions policies

    User Group

    Cloud Service

    Region

    Policy or Role

    Developers

    ECS

    Specific regions

    ECS Admin

    RDS

    Specific regions

    RDS Admin

    ELB

    Specific regions

    ELB Admin

    VPC

    Specific regions

    VPC Administrator

    EVS

    Specific regions

    EVS Admin

    OBS

    Global

    OBS Buckets Viewer

    Testers

    CTS

    Specific regions

    APM Admin

    CTS Administrator

  2. In the user group list, click Manage Permissions in the row containing the user group Developers.
  3. On the Permissions tab page, click Assign Permissions above the permission list.
  4. Assign permissions to the user group for region-specific projects.

    1. All the services in Table 1 except OBS are deployed in specific projects. Specify the scope as Region-specific projects, and select a project from the drop-down list.
    2. Select policies and click OK.

  5. Assign permissions to the user group for the global service project.

    1. Specify the scope as Global service project.
    2. Select OBS Buckets Viewer, and click OK.

  6. Repeat steps 2 to 5 to attach the CTS Administrator role to the Testers group.
Parent topic: Getting Started