Updated on 2023-03-07 GMT+08:00

Before You Start

Reading this document will help you to:

  • Create Identity and Access Management (IAM) users.
  • Create user groups based on your organization's business functions.
  • Assign permissions to user groups.
  • Create IAM users for employees in your organization.
  • Enable IAM users to log in to the cloud platform.

Prerequisites

You already have an account. If you do not have an account, create one.

Example Scenario

A is a website development company that has three functional teams. Instead of creating an account for each employee in company A, the company's administrator can register an account to create resources and control access permissions. The administrator can create IAM users for employees and assign permissions to the users.

Company A is used as an example to demonstrate how an enterprise can use IAM to configure cloud service permissions.

Organizational Structure

  • Management team (admin group in Figure 1): manages employees and resources, assigns permissions, and allocates resources. The team members include James and Alice.
  • Development team (Developers group in Figure 1): develops websites. The team members include Charlie and Jackson.
  • Test team (Testers group in Figure 1): tests websites. The team members include Jackson and Emily. Jackson develops and tests websites, so he needs to join both the Developers and Testers groups to obtain the required permissions.
Figure 1 User management model

User Groups and Required Resources

  • admin group: manages user permissions using IAM.
  • Developers group: develops websites using Elastic Cloud Server (ECS), Elastic Load Balance (ELB), Virtual Private Cloud (VPC), Relational Database Service (RDS), Elastic Volume Service (EVS), and Object Storage Service (OBS).
  • Testers group: performs functional and performance testing on websites by using the Application Performance Management (APM) service.

User Management Process

  1. The administrator of company A logs in to the cloud platform, creates user groups Developers and Testers, and grants them permissions. For details, see Step 1: Create User Groups and Assign Permissions.
  2. The administrator creates IAM users for members of the three functional teams. The members then log in to the cloud platform as IAM users. For details, see Step 2: Create IAM Users and Log In.