Help Center/ CodeArts/ User Guide/ Preparations/ Configuring CodeArts Console Permissions/ Granting CodeArts Console Permissions Using IAM/ Using IAM Roles or Policies to Grant Access to CodeArts Console
Updated on 2026-04-27 GMT+08:00
View PDF
Share

Using IAM Roles or Policies to Grant Access to CodeArts Console

This section describes how to use Identity and Access Management (IAM) to manage permissions for your CodeArts resources on the console (Role/Policy-based Permissions Management). With IAM, you can:

  • Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing the CodeArts console.
  • Grant only the permissions required for users to perform a specific task.
  • Entrust a HUAWEI ID or a cloud service to perform efficient O&M on your CodeArts console.

If your account does not need individual IAM users for permissions management, you can skip this section.

This section describes the role-based authorization method. Figure 1 shows the authorization process.

Prerequisites

Learn about the permissions supported by the CodeArts console in Role/Policy-based Permissions Management and select them according to your requirements. To grant permissions for other services, learn about all system-defined permissions supported by IAM.

Process Flow

Figure 1 Process of granting permissions for the CodeArts console
  1. Creating a User Group and Assigning Permissions

    Create a user group on the IAM console and assign the DevCloud Console ReadOnlyAccess permissions to the group.

  2. Creating an IAM User

    On the IAM console, create a user and add it to the user group created in 1.

  3. Log in and verify permissions.

    In the authorized region, perform the following operations:

    Choose CodeArts in Service List, and then choose Enterprise Account Authorization in the navigation pane. Click Authorize Enterprise Account, and enter an account ID. If a message is displayed indicating that you cannot access the page, the DevCloud Console ReadOnlyAccess policy has already taken effect.

Example Custom Policies for the CodeArts Console

You can create custom policies to supplement the system-defined policies of the CodeArts console.

You can create custom policies in either of the following ways:

  • Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
  • JSON: Create a policy in the JSON format from scratch or based on an existing policy.

For details, see Creating a Custom Policy. The following section contains examples of common custom policies for the CodeArts Console.

  • Example 1: Allowing users to authorize enterprise accounts 
    {
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "devcloud:authorization:create"
            ]
        }
    ]
}
  • Example 3: Defining permissions for multiple services in a policy

    A custom policy can contain the actions of multiple services that are all of the global or project-level type. The following is an example policy containing actions of multiple services:

    { 
        "Version": "1.1", 
        "Statement": [ 
                { 
                        "Action": [ 
                                "devcloud:monthlyPackage:listResourceDetail", 
                                "ecs:cloudServers:delete"
                        ], 
                        "Effect": "Allow" 
                } 
        ] 
}
Parent Topic: Granting CodeArts Console Permissions Using IAM