Permissions Management

If you need to assign different permissions to employees in your enterprise to access your EdgeSec resources, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your HUAWEI CLOUD resources.

With IAM, you can use your Huawei ID to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types. For example, some software developers in your enterprise need to use EdgeSec resources but must not delete them or perform any high-risk operations. To achieve this result, you can create IAM users for the software developers and grant them only the permissions required for using EdgeSec resources.

If your Huawei account does not need individual IAM users for permissions management, then you may skip over this section.

IAM can be used free of charge. You pay only for the resources in your account. For more details, see IAM Service Overview.

EdgeSec Permissions

By default, new IAM users do not have permissions assigned. You need to add a user to one or more groups, and attach permissions policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services based on the permissions.

EdgeSec is a project-level service divided by physical region during deployment. To assign permissions to a user group, specify the scope as region-specific projects and select projects for the permissions to take effect. If All projects is selected, the permissions will take effect for the user group in all region-specific projects. When accessing EdgeSec, the users need to switch to a region where they have been authorized to use EdgeSec.

You can grant users permissions by using roles and policies.

Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides a limited number of service-level roles for authorization. If one role has a dependency role required for accessing AAD, assign both roles to the users. However, roles are not an ideal choice for fine-grained authorization and secure access control.
Policies: A type of fine-grained authorization that defines permissions required to perform operations on specific cloud resources under certain conditions. This type of authorization is more flexible and ideal for secure access control. For example, EdgeSec administrators can only grant EdgeSec users the permissions needed for managing a particular type of EdgeSec resources. Most fine-grained policies split permissions based on APIs.

Table 1 describes all system roles of EdgeSec.

**Table 1** EdgeSec system roles
System Role/Policy Name	Description	Type	Dependency
EdgeSec FullAccess	All permissions of EdgeSec	System policy	None
EdgeSec ReadOnlyAccess	Read-only permission of EdgeSec	System policy	None

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot

Permissions Management

EdgeSec Permissions

Related Links

Feedback

Was this page helpful?