Updated on 2022-11-17 GMT+08:00

Permissions Management

You can use IMS for free to manage SMS permissions and grant your employees with different permissions, to ensure secure access to your resources.

With IAM, you can use your account to create IAM users for your employees, and grant permissions to the users to control their access to specific resources of various types.

For example, you can create IAM users for software developers and assign specific permissions to allow them to use SMS but disallow them to delete the resources or perform any high-risk operations.

If your account does not need individual IAM users for permissions management, skip this section.

SMS Permissions

By default, new IAM users do not have any permissions assigned. To assign permissions to these new users, you need add them to one or more groups, and attach permission policies or roles to these groups. Users inherit permissions from the groups to which they are added and can perform specified operations on cloud services.

SMS is a global service deployed for all physical regions. SMS permissions are assigned to users in the Global project, and the users do not need to switch regions when accessing SMS.

Table 1 lists all the system-defined policies and roles of SMS. The cloud platform services interwork with each other, and some SMS roles are dependent on the roles of other services. When assigning SMS permissions to users, you need to also assign dependent roles for the SMS permissions to take effect.

Table 1 Common operations supported by each dependent system-defined policy or role

Operation

SMS FullAccess (Global)

OBS OperateAccess (OBS)

ECS FullAccess

VPC FullAccess

Creating migration tasks

x

Viewing migration progresses

x

x

x

IAM supports two types of policies: system-defined policies and custom policies.

  • If an IAM user needs all SMS permissions, attach the preceding system-defined policies to the user group to which the user has been added.
  • If an IAM user only needs some SMS permissions, you can create custom policies and attach these policies to the user group to which the user has been added.

For details, see Creating a User and Assigning Permissions.

Compared with system-defined policies, custom policies provide more fine-grained and secure permissions control.