Help Center/ Enterprise Self-Service Management/ User Guide/ Permissions Management/ Creating a User and Granting ESM Permissions
Updated on 2025-05-29 GMT+08:00

Creating a User and Granting ESM Permissions

You can use Identity and Access Management (IAM) for fine-grained permissions control on ESM. With IAM, you can:

  • Create IAM users for employees based on your organizational structure and grant minimum permissions to these users. Each IAM user will have their own security credentials for accessing specific ESM resources.
  • Grant users only the permissions required to perform a given task based on their job responsibilities.

If your Huawei Cloud account does not require individual IAM users, skip this section.

Prerequisites

You should be clear about what system policies can be assigned to user groups and choose the right policies based on your requirements. Table 1 describes the system policies.

Table 1 ESM system policies

Policy

Description

Type

Suggestion

ESM FullAccess

Administrator permissions on all ESM functions

System policy

Assign this policy to an administrator who registers and deregisters accounts.

ESM ReadOnlyAccess

Read-only permission on ESM

System policy

Assign this policy to administrators who use dashboards.

Permission Granting Process

Figure 1 Process for granting ESM permissions
  1. Create a user group and assign permissions.

    Create a user group on the IAM console, and attach the ESM FullAccess policy to the group.

  2. Create an IAM user and add it to the user group.

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in and verify the permission granting.

    Access the ESM console using the created user, and verify that the user has the administrator permissions for ESM in the following way:

    Choose Organization from the main menu. On the Tenants page, click Create Tenant. If a tenant can be created, the ESM FullAccess policy has already taken effect.