Creating a User and Granting ESM Permissions
You can use Identity and Access Management (IAM) for fine-grained permissions control on ESM. With IAM, you can:
- Create IAM users for employees based on your organizational structure and grant minimum permissions to these users. Each IAM user will have their own security credentials for accessing specific ESM resources.
- Grant users only the permissions required to perform a given task based on their job responsibilities.
If your Huawei Cloud account does not require individual IAM users, skip this section.
Prerequisites
You should be clear about what system policies can be assigned to user groups and choose the right policies based on your requirements. Table 1 describes the system policies.
|
Policy |
Description |
Type |
Suggestion |
|---|---|---|---|
|
ESM FullAccess |
Administrator permissions on all ESM functions |
System policy |
Assign this policy to an administrator who registers and deregisters accounts. |
|
ESM ReadOnlyAccess |
Read-only permission on ESM |
System policy |
Assign this policy to administrators who use dashboards. |
Permission Granting Process
- Create a user group and assign permissions.
Create a user group on the IAM console, and attach the ESM FullAccess policy to the group.
- Create an IAM user and add it to the user group.
Create a user on the IAM console and add the user to the group created in 1.
- Log in and verify the permission granting.
Access the ESM console using the created user, and verify that the user has the administrator permissions for ESM in the following way:
Choose Organization from the main menu. On the Tenants page, click Create Tenant. If a tenant can be created, the ESM FullAccess policy has already taken effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
