Creating a User and Granting Permissions
IAM enables you to perform a refined management on your Cloud Eye service. It allows you to:
- Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing Cloud Eye resources.
- Grant different permissions to IAM users based on their job responsibilities.
- Entrust an account or a cloud service to perform efficient O&M on your Cloud Eye resources.
If your account does not require individual IAM users, skip this topic.
This topic describes the procedure for granting permissions (see Figure 1).
Prerequisites
Before assigning permissions to a user group, you need to understand the Cloud Eye system policies that can be added to the user group and select a policy as required.
For details about the system policies supported by Cloud Eye and the comparison between these policies, see Permissions.
- .
Create a user group on the IAM console, and attach the CES Administrator, Tenant Guest, and Server Administrator policies to the group.
- Cloud Eye is a region-specific service and must be deployed in specific physical regions. Cloud Eye permissions can be assigned and take effect only in specific regions. If you want a permission to take effect for all regions, assign it in all these regions. The global permission does not take effect.
- The preceding permissions are all Cloud Eye permissions. For more refined Cloud Eye permissions, see Permissions Management.
- Create a user and add it to a user group. Create a user on the IAM console and add the user to the group created in 1.
- and verify permissions.
Log in to the Cloud Eye console as the created user, and verify that the user only has the CES Administrator permissions.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
