Help Center/ Data Encryption Workshop/ User Guide (Kuala Lumpur Region)/ User Guide/ Permission Control/ Creating a User and Authorizing the User the Permission to Access DEW
Updated on 2024-03-27 GMT+08:00

Creating a User and Authorizing the User the Permission to Access DEW

This section describes IAM's fine-grained permissions management for your DEW resources. With IAM, you can:

  • Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has its own security credentials to access DEW resources.
  • Grant users only the permissions required to perform a task.
  • Entrust a cloud account or cloud service to perform professional, efficient O&M on your DEW resources.

If your account does not need individual IAM users, skip this chapter.

This section describes the procedure for granting permissions (see Figure 1).

Prerequisites

Before granting permissions to a user group, you need to understand the available DEW permissions, and grant permissions based on the real-life scenario. The following tables describe the permissions supported in DEW.

For the permissions of other services, see .

Table 1 DEW permissions

Role/Policy

Description

Type

KMS Administrator

Administrator permissions for the encryption key

Role

KMS CMK Admin

All permissions for the encryption keys

Policy

Authorization Process

Figure 1 Authorizing the DEW access permission to a user
  1. Create a user group on the IAM console and grant the user group the KMS CMK Admin permission (indicating full permissions for keys).

  2. Create a user on the IAM console and add the user to the user group created in 1.

  3. and verify permissions.

    Log in to the console as newly created user, and verify that the user only has read permissions for DEW.