Help Center/ Live/ Media Live/ Console Operations/ Permissions Management/ Creating a User and Assigning Live Permissions

Updated on 2024-09-06 GMT+08:00

View PDF

Creating a User and Assigning Live Permissions

This section describes how to use IAM to implement refined permissions management for your Live resources. With IAM, you can:

Create IAM users for employees from different departments of your enterprise. In this way, each IAM user has a unique security credential to use Live resources.
Assign only the permissions required for users to perform a specific task.
Entrust a Huawei Cloud account or cloud service to perform efficient O&M on your Live resources.

If your Huawei Cloud account does not require individual IAM users, skip this section.

This section describes the procedure for assigning permissions. For details, see Figure 1.

Notes

Permissions management is not performed on the following two types of Live users. To perform permissions management, submit a service ticket.

Users who had created domain names in the AP-Singapore region before March 1, 2022.
Users who had created domain names in the CN North-Beijing4 region before March 16, 2022.

After permissions management is enabled, unauthorized IAM users cannot call the Live APIs. Ensure that IAM users have been assigned the Live permissions.

Prerequisites

Learn about the Live permissions that can be assigned to the user group and assign the permissions as required. For details, see the Live permissions listed in Permissions Management.

Process Flow

Figure 1 Process for assigning only read permissions on Live

Create a user group and assign permissions to it.
Create a user group on the IAM console, and assign the Live ReadOnlyAccess policy to the group.
Create an IAM user and add it to the user group.
Create a user on the IAM console and add the user to the group created in 1.
Log in and verify permissions.
Log in to the Live console using the created user, and verify that the user only has read permissions on Live.

Choose Live in Service List. Then click Domains to add a domain name. If a message is displayed indicating insufficient permissions for performing the operation, the Live ReadOnlyAccess policy has taken effect.