Scenario
A company needs to manage multiple project teams and assign resources and personnel to different projects. This section presents the best practice for multi-project management to address company A's requirements.
Requirements
- Requirement 1: The company needs resources in CN-Hong Kong and AP-Singapore. The resources will be allocated to two project teams. Resources of the two project teams need to be isolated from each other. Resource access needs to be authorized, for example, only authorized IAM users can access a specific ECS.
- Requirement 2: Members in a team cannot access resources of other teams and only have the least privilege required to complete related tasks.
- Requirement 3: Costs can be managed independently for the tow project teams
Solution
- Solution to requirement 1: Enterprise Project Management (EPS) and Identity and Access Management (IAM) can both help you isolate resources between projects. However, the implementation logic and functions of the two services are different.
- EPS: An enterprise project can contain resources of different regions, and resources in different enterprise projects are logically isolated. You can add resources to and remove resources from an enterprise project.
- IAM: An IAM project can contain resources of only one region, and resources in different IAM projects are physically isolated.
- Solution to requirement 2: The company can use IAM to create users and user groups; add users to the user groups as needed; add add user groups to enterprise projects created based on requirement 1; and assign permissions to user groups based on table 10-1.
Figure 1 Personnel management model
Table 1 User group permissions User Group
Responsibility
Permissions
Description
Accounting team
Project expenditure management
Enterprise Project BSS FullAccess
Permissions for accounting management of enterprise projects
Development team
Project development
ECS FullAccess
Full permissions for Elastic Cloud Server (ECS)
OBS FullAccess
Full permissions for Object Storage Service (OBS)
ELB FullAccess
Full permissions for Elastic Load Balance (ELB)
Security maintenance team
Security O&M of the project
ECS CommonOperations
Permissions for basic ECS operations
CAD Administrator
Full permissions for Advanced Anti-DDoS (AAD)
Operations team
Overall operations of the project
EPS FullAccess
Full permissions for EPS, including modifying, enabling, disabling, and viewing enterprise projects.
For details about permissions of all Huawei Cloud services, see System-defined Permissions.
- Solution to requirement 3: The company can use EPS to independently manage renewals, orders, accounting, unsubscriptions, changes, and quotas of each enterprise project. For details, see Enterprise Project Accounting Management.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot