IAM Authorization Entity
In IAM, authorization entities are primarily categorized into users and user groups. Integration with enterprise projects enables resource isolation by group and facilitates refined permission management.
IAM Authorization Entity
| Type | Description | Reference |
|---|---|---|
| User | The user you create using a master account in IAM. Each IAM user has their own identity credentials (password and access keys) and can use cloud resources after being granted permissions. IAM users do not own any resources. | |
| User group | A user group is a collection of IAM users. You can create user groups and add IAM users to them to quickly grant permissions to the users. | |
Enterprise Project
An enterprise project is a resource grouping management function, designed to partition resources into distinct logical units for grouped isolation and access control.
When using IAM authorization, associating IAM authorization entities (users and user groups) with enterprise projects effectively achieves grouped resource isolation and refined permission control.
Example: Use enterprise projects to group and isolate DLI resource pools and grant different user groups the permissions to access the corresponding enterprise projects.
An enterprise has two project teams A and B. Project team A and project team B use distinct elastic resource pools and databases. To ensure effective isolation of resources and data, the enterprise plans to use IAM to control access permissions to different resources, ensuring that users in project team A can only access resources corresponding to project team A, and users in project team B can only access resources corresponding to project team B.
1. Create enterprise projects and associate elastic resource pools and databases with the enterprise projects.
   - Create enterprise project A and associate the resources used by project team A with enterprise project A.
   - Create enterprise project B and associate the resources used by project team B with enterprise project B.
2. Create user groups.
   - Create user group A and add users in project team A to user group A.
   - Create user group B and add users in project team B to user group B.
3. Grant permissions to user groups.
   - Grant permissions to user group A. On the Select Scope page, select Enterprise projects, and select enterprise project A created in step 1.
   - Grant permissions to user group B. On the Select Scope page, select Enterprise projects, and select enterprise project B created in step 1.
In this way, enterprises can group and isolate resources for refined permission control. This ensures both secure and efficient resource utilization.
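The following added example (not part of the original documentation and not a cloud API client) models the three steps above and checks the isolation goal: no user reaches a resource in the other team's enterprise project. It assumes grants are additive across all groups a user belongs to; every resource, user and group name is constructed sample data.

```python
# Added illustration: a local model of the page's scenario, not a cloud API client.
# Every resource, user and group name below is constructed sample data.

# Step 1: each resource is associated with one enterprise project.
RESOURCE_PROJECT = {"pool_a": "ep_A", "db_a": "ep_A", "pool_b": "ep_B", "db_b": "ep_B"}
# Step 2: user groups and their members.
GROUP_MEMBERS = {"group_A": {"alice", "amir"}, "group_B": {"bob", "bea"}}
# Step 3: enterprise projects selected as the scope of each group's grant.
GROUP_SCOPE = {"group_A": {"ep_A"}, "group_B": {"ep_B"}}
# Intended outcome: the enterprise project that belongs to each user's team.
USER_TEAM_PROJECT = {"alice": "ep_A", "amir": "ep_A", "bob": "ep_B", "bea": "ep_B"}


def effective_projects(user, group_members, group_scope):
    """Union of enterprise projects reachable through every group the user is in."""
    projects = set()
    for group, members in group_members.items():
        if user in members:
            projects |= group_scope.get(group, set())
    return projects


def accessible_resources(user, group_members, group_scope, resource_project):
    """Resources whose enterprise project is within the user's effective scope."""
    reachable = effective_projects(user, group_members, group_scope)
    return {res for res, ep in resource_project.items() if ep in reachable}


def isolation_violations(user_team, group_members, group_scope, resource_project):
    """Sorted (user, resource, project) tuples where a user reaches another team's resource."""
    findings = []
    for user, own_project in user_team.items():
        for res in accessible_resources(user, group_members, group_scope, resource_project):
            if resource_project[res] != own_project:
                findings.append((user, res, resource_project[res]))
    return sorted(findings)


if __name__ == "__main__":
    # The configuration from the three steps keeps the teams isolated.
    print(isolation_violations(USER_TEAM_PROJECT, GROUP_MEMBERS, GROUP_SCOPE, RESOURCE_PROJECT))
    # Drift: bob is also added to group_A and now reaches project team A's resources.
    drifted = {**GROUP_MEMBERS, "group_A": GROUP_MEMBERS["group_A"] | {"bob"}}
    print(isolation_violations(USER_TEAM_PROJECT, drifted, GROUP_SCOPE, RESOURCE_PROJECT))
```

Running the same check after any change to group membership or grant scope shows whether the isolation between project teams A and B still holds.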