Help Center/ Live/ Media Live/ Console Operations/ Permissions Management/ Creating a User and Assigning Live Permissions
Updated on 2025-01-24 GMT+08:00

Creating a User and Assigning Live Permissions

This section describes how to use IAM to implement refined permissions management for your Live resources. With IAM, you can:

  • Create IAM users for employees from different departments of your enterprise. In this way, each IAM user has a unique security credential to use Live resources.
  • Assign only the permissions required for users to perform a specific task.
  • Entrust a Huawei Cloud account or cloud service to perform efficient O&M on your Live resources.

If your Huawei Cloud account does not require individual IAM users, skip this section.

This section describes the procedure for assigning permissions. For details, see Figure 1.

Notes

Submit a service ticket to apply for permissions management on the following two types of Live users:

  • Users who had created domain names in the AP-Singapore region before March 1, 2022.
  • Users who had created domain names in the CN North-Beijing4 region before March 16, 2022.

After permissions management is enabled, unauthorized IAM users cannot call the Live APIs. Ensure that IAM users have been assigned the Live permissions.

Prerequisites

Learn about the Live permissions that can be assigned to the user group and assign the permissions as required. For details, see the system-defined permissions on Live.

Process Flow

Figure 1 Process for assigning read-only permissions on Live
  1. Create a user group and assign permissions

    Create a user group on the IAM console, and attach the Live ReadOnlyAccess policy to the group.

  2. Create a user and add them to the user group

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in and verify permissions.

    Log in to the Live console as the created user, and verify that the user only has read permissions on Live.

    Choose Live in Service List. Then click Domains to add a domain name. If a message is displayed indicating insufficient permissions for performing the operation, the Live ReadOnlyAccess policy has taken effect.