Updated on 2024-04-15 GMT+08:00

Creating a User and Granting Permissions

Scenarios

This section describes how to use Identity and Access Management (IAM) to implement fine-grained permissions control over your images. With IAM, you can:

  • Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own identity credentials for accessing images.
  • Grant only the permissions required for users to perform a specific task.
  • Entrust an account or cloud service to perform professional and efficient O&M on your images.

If your account does not need individual IAM users for permissions management, you can skip this section.

This section uses the IMS ReadOnlyAccess permission as an example to describe how to grant permissions to a user. Figure 1 shows the process.

Prerequisites

Learn about the permissions (see IMS Permissions) supported by IMS.

Process Flow

Figure 1 Process for granting IMS permissions
  1. Create a user group and grant permissions to it.

    Create a user group on the IAM console and click Authorize in the Operation column to assign the IMS ReadOnlyAccess permissions to the group.

  2. Create an IAM user and add it to the user group.

    Create a user on the IAM console and add it to the user group created in 1 by choosing Authorize in the Operation column.

  3. Log in and verify permissions.

    Log in to the management console using the IAM user, switch to a region where the permissions take effect, and verify the permissions (assume that the user has only the IMS ReadOnlyAccess permission).

    • In the Service List, choose Image Management Service. On the IMS console, perform operations except querying images, such as creating, modifying, and deleting an image.

      For example, click Create Private Image in the upper right corner. If you are prompted insufficient permissions, the IMS ReadOnlyAccess permission has taken effect.

    • Choose any other service in the Service List, such as Virtual Private Cloud. If a message appears indicating insufficient permissions to access the service, the IMS ReadOnlyAccess permission has taken effect.