Help Center/ KooDrive/ User Guide/ Using IAM to Grant Access to KooDrive/ Using IAM Identity Policies to Grant Access to KooDrive
Updated on 2025-11-19 GMT+08:00
View PDF
Share

Using IAM Identity Policies to Grant Access to KooDrive

System-defined permissions in "Identity Policy-based Authorization" provided by Identity and Access Management (IAM) let you control access to KooDrive. With IAM, you can:

  • Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing KooDrive resources.
  • Grant users only the permissions required to perform a given task based on their job responsibilities.
  • Entrust a Huawei Cloud account or a cloud service to perform efficient O&M on your KooDrive resources.

If your Huawei Cloud account meets your permissions requirements, you can skip this section.

Figure 1 shows the process flow of identity policy-based authorization.

Prerequisites

Before granting permissions, learn about system-defined permissions for KooDrive. For details, see Identity Policy-based Permissions Management. To grant permissions for other services, learn about all system-defined permissions supported by IAM.

Process Flow

Figure 1 Process of granting KooDrive permissions using identity policy-based authorization
  1. On the IAM console, create an IAM user or create a user group.
  2. Attach a system-defined identity policy to the user or user group.

    Assign the permissions defined in the system-defined identity policy KooDriveFullAccessPolicy to the user or group, or attach the system-defined identity policy to it.

  3. Log in as the IAM user and verify permissions.

    In the authorized region, perform the following operations:

    Choose KooDrive from the service list. On the KooDrive console, click Enable Now in the upper right corner. If KooDrive cannot be enabled and a message appears indicating that you need to switch from an IAM account to a Huawei account, the KooDriveFullAccessPolicy policy is in effect.

    After the policy takes effect, the following operations cannot be performed:

    • Subscribing to the service
    • Unsubscribing from the service
    • Logging in to the KooDrive service plane

Example Custom Identity Policies

You can create custom identity policies to supplement the system-defined identity policies of KooDrive. Currently, KooDrive supports only one action. There is no need to create custom identity policies. Creating custom policies may result in duplicate policies.