Help Center/ Resource Formation Service/ User Guide/ IAM-based Permissions Management/ Creating a User and Granting Permissions to Use RFS Based on Identity Policies
Updated on 2025-04-01 GMT+08:00

Creating a User and Granting Permissions to Use RFS Based on Identity Policies

To manage permissions for RFS based on identities, IAM. With IAM, you can:

  • Use your Huawei Cloud account to create IAM users or groups for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for using RFS.
  • Grant only the permissions required for users to perform a specific task.
  • Entrust a Huawei Cloud account or a cloud service to perform efficient O&M on your RFS.

If your Huawei Cloud account meets your permissions requirements, you can skip this section.

This section describes how to perform identity policy-based authorization. Figure 1 shows the process flow.

Prerequisites

Learn about the permissions supported by RFS, and choose policies or roles according to your requirements.

Process Flow

Figure 1 Process for granting RFS permissions
  1. Create a user or user group.

    Log in to the IAM console to create a user or user group.

  2. Attach a system-defined policy to the user or user group.

    Assign the RF ReadOnlyAccess system-defined policy to the user or user group.

  3. Log in and verify permissions.

    Log in to the console as an authorized user and verify the permissions.

    • Choose Service List > Resource Formation Service. On the RFS console, click Stacks to go to the stack list, and delete a stack. If the stack cannot be deleted (assume that the current permissions contain only RF ReadOnlyAccess), the RF ReadOnlyAccess policy has taken effect.
    • Choose another service from the Service List. If a message appears, indicating that you have insufficient permissions to access the service (assume that the current permissions contain only RF ReadOnlyAccess), the RF ReadOnlyAccess policy has taken effect.