Updated on 2025-07-03 GMT+08:00

Permissions

If you need to grant your enterprise personnel permission to access your FlexusL resources, use Identity and Access Management (IAM). IAM provides identity authentication, fine-grained permissions management, and access control. IAM helps you securely access your cloud resources.

With IAM, you can create IAM users and grant them permissions to access only specific resources. For example, if you want some software developers in your enterprise to be able to use FlexusL resources but do not want them to be able to delete FlexusL or perform any other high-risk operations, you can create IAM users and grant permission to use FlexusL but not permission to delete them.

If your account does not need individual IAM users for permissions management, skip this section.

IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see What Is IAM?

FlexusL Instance Permissions

New IAM users do not have any permissions assigned by default. You need to first add them to one or more groups and then attach policies or roles to these groups. The users then inherit permissions from the groups and can perform specified operations on cloud services based on the permissions they have been assigned.

FlexusL is a global service. When you set the authorization scope to Global services, users have permission to access FlexusL resources in all regions.

Table 1 lists the system-defined policies of FlexusL instances.
Table 1 System-defined policies for FlexusL instances

Policy Name

Description

Policy Content

CORS FullAccess

Administrator permissions. Users with these permissions can perform all operations on resources packaged in FlexusL instances, including creating, deleting, querying, and modifying service resources.

CORS FullAccess Policy Content

CORS ReadOnlyAccess

Common user permissions. Users with these permissions can only perform query operations.

CORS ReadOnlyAccess Policy Content

Table 2 lists the common operations supported by system-defined permissions for FlexusL.
Table 2 Common operations supported by system-defined permissions

Operation

CORS FullAccess

CORS ReadOnlyAccess

Creation

x

Remote login to FlexusL instances on the management console

x

Resource card checking

Details query

Modification

x

Start

x

Stop

x

Restart

x

Unsubscription

x

OS reinstallation

x

OS change

x

Specification modification

x

Reference

CORS FullAccess Policy Content

{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cors:*:*"
            ]
        }
    ]
}

CORS ReadOnlyAccess Policy Content

{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cors:*:get",
                "cors:*:list"
            ]
        }
    ]
}