Help Center/ Situation Awareness/ FAQs/ Product Consulting/ How Do I Assign Operation Permissions to an Account?
Updated on 2024-06-11 GMT+08:00

How Do I Assign Operation Permissions to an Account?

To use functions in Baseline Inspection, Resource Manager, and Logs modules, your account must have the Tenant Administrator permission and IAM-related permissions.

This topic describes how to configure permissions to use a specific SA function.

Prerequisites

You have obtained the administrator account and its password.

Configuring Permissions to Use Baseline Inspection

To use Baseline Inspection, you need to configure permissions and policies as described in the following steps. Do not select other permissions or policies, or this function may still be unavailable after the configuration.

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Management & Governance > Identity and Access Management.
  3. Add IAM-related permissions.

    1. In the navigation pane on the left, choose Permissions > Policies/Roles. In the upper right corner of the displayed page, click Create Custom Policy.
    2. Configure a policy.
      1. Policy Name: Enter a policy name.
      2. Scope: Select Global services.
      3. Policy View: Select JSON.
      4. Policy Content: Copy the following content and paste it in the text box.
        {
            "Version": "1.1",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "iam:users:getUser",
                        "iam:securitypolicies:getLoginPolicy",
                        "iam:credentials:listCredentials",
                        "iam:users:getUserLoginProtect",
                        "iam:agencies:listAgencies",
                        "iam:securitypolicies:getProtectPolicy",
                        "iam:users:listUsers",
                        "iam:securitypolicies:getPasswordPolicy",
                        "iam:groups:listGroups",
                        "iam:permissions:listRolesForAgencyOnProject",
                        "iam:users:listUsersForGroup",
                        "iam:projects:listProjectsForUser",
                        "iam:permissions:listRolesForAgencyOnDomain"
                    ]
                }
            ]
        }
    3. Click OK.

  4. In the navigation pane one the left, choose Agencies.
  5. In the agency list, select ssa_admin_trust to go to the details page.
  6. Click the Permissions Assigned tab and click Assign.
  7. In the permission configuration area, search for and select Tenant Administrator and the permission created in 3.

    Figure 1 Baseline inspection permissions - Example

  8. Click Next in the lower part of the page and set the minimum authorization scope.
  9. Click OK.

Configuring Permissions to Use Resource Manager and Logs

To use Baseline Inspection, you need to configure permissions and policies as described in the following steps. Do not select other permissions or policies, or this function may still be unavailable after the configuration.

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Management & Governance > Identity and Access Management.
  3. In the navigation pane one the left, choose Agencies.
  4. In the agency list, select ssa_admin_trust to go to the details page.
  5. Click the Permissions Assigned tab and click Assign.
  6. In the permission configuration area, search for and select Tenant Administrator.

    Figure 2 Resource Manager permissions

  7. Click Next in the lower part of the page and set the minimum authorization scope.
  8. Click OK.