Updated on 2024-12-04 GMT+08:00

Permissions Management

If you need to assign different permissions to employees in your enterprise to control their access to your cloud resources, you can use Identity and Access Management (IAM) for fine-grained permissions management. IAM provides functions such as identity authentication, permissions management, and access control.

With IAM, you can create IAM users and assign permissions to the users to control their access to specific resources.

If your account does not need individual IAM users for permissions management, skip this section.

Enterprise Switch Permissions

By default, new IAM users do not have any permissions assigned. You need to add them to one or more groups and attach roles to these groups so that these users can inherit permissions from the groups and perform specified operations on cloud services.

Enterprise Switch is a project-level service deployed and accessed in specific physical regions. You need to select a project for which the permissions will be granted. If you select All projects, the permissions will be granted for all the projects. You need to switch to the authorized region before accessing Enterprise Switch.

Enterprise Switch uses the same system permissions as VPC. Table 1 lists all the system-defined roles and policies supported by VPC. This VPC role is dependent on other roles. When assigning VPC roles to users, you need to also assign dependent roles for the VPC permissions to take effect.

Table 1 System-defined permissions for VPC

Policy Name

Description

Policy Type

Dependencies

VPC FullAccess

Full permissions for VPC.

System-defined policy

To use the VPC flow log function, users must also have the LTS ReadOnlyAccess permission.

VPC ReadOnlyAccess

Read-only permissions on VPC.

System-defined policy

None

VPC Administrator

Most permissions on VPC, excluding creating, modifying, deleting, and viewing security groups and security group rules.

To be granted this permission, users must also have the Tenant Guest and Server Administrator permission.

System-defined role

Tenant Guest and Server Administrator policies, which must be attached in the same project as VPC Administrator.