Help Center/ Data Lake Insight/ User Guide/ Preparations/ Creating an IAM User and Granting Permissions
Updated on 2024-09-30 GMT+08:00

Creating an IAM User and Granting Permissions

You can use Identity and Access Management (IAM) to implement fine-grained permissions control on DLI resources. For details, see Overview.

If your cloud account does not need individual IAM users, then you may skip over this section.

This section describes how to create an IAM user and grant DLI permissions to the user. Figure 1 shows the procedure.

Prerequisites

Before assigning permissions to user groups, you should learn about system policies and select the policies based on service requirements. For details about system permissions supported by DLI, see DLI System Permissions.

Process Flow

Figure 1 Process for granting DLI permissions

  1. Create a user group and grant permissions to it.

    Create a user group on the IAM console, and assign the DLI ReadOnlyAccess permission to the group.

  2. Create an IAM user.

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in and verify permissions.

    Log in to the management console using the newly created user, and verify the user permissions.

    • Choose Service List > Data Lake Insight. The DLI management console is displayed. If you can view the queue list on the Queue Management page but cannot buy DLI queues by clicking Buy Queue in the upper right corner (assume that the current permission contains only DLI ReadOnlyAccess), the DLI ReadOnlyAccess permission has taken effect.
    • Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the DLI ReadOnlyAccess permission has already taken effect.

More