Scenario
Company A is an enterprise user and has multiple project teams that require different resources and personnel. This topic presents the best practice for multi-project management to address company A's requirements.
Requirements
- Requirement 1: Company A can create multiple types of resources in region_01 and region_02 for two project teams. Resources of the two project teams need to be isolated from each other.
- Requirement 2: Each member of the project teams can access only the resources of the project team to which the member belongs, and only has the permissions required to complete tasks.
Solution
- Solution to requirement 1: Enterprise Management and Identity and Access Management (IAM) are two cloud services that can isolate resources between projects. However, the implementation logic and functions of the two services are different.
- Enterprise Management: You can create enterprise projects to group and manage resources across regions. Resources in enterprise projects are logically isolated from each other. Each enterprise project can contain resources of multiple regions, and resources can be added to or removed from enterprise projects.
- IAM: IAM projects group and physically isolate resources in a region, and each IAM project can only contain resources in the same region. Resources cannot be transferred between IAM projects.
- Solution to requirement 2: In IAM, company A creates IAM users for employees and adds the IAM users to different groups. In Enterprise Management, company A adds the user groups to the enterprise projects created to address Requirement 1 and assigns required resource access permissions (see Table 1) to each user group.
Figure 1 Personnel management model of company A
Table 1 User group permissions in company A User Group
Responsibility
Permissions
Description
Development team
Project development
ELB Admin
Full permissions for Elastic Load Balance (ELB)
OBS Administrator
Full permissions for Object Storage Service (OBS)
EPS FullAccess
Full permissions for Enterprise Management
Security maintenance team
Security O&M of the project
ECS CommonOperations
Permissions for basic ECS operations
Operations team
Overall operations of the project
EPS FullAccess
Full permissions for Enterprise Management, including modifying, enabling, disabling, and viewing enterprise projects
For details about system permissions of all cloud services, see System Permissions.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot