Help Center/ Situation Awareness/ User Guide/ Baseline Inspection/ Configuring Permissions to Use Baseline Inspection
Updated on 2022-09-01 GMT+08:00
View PDF
Share

Configuring Permissions to Use Baseline Inspection

To use functions in the Baseline Inspection module, your account must have the Tenant Administrator permission and IAM-related permissions.

This topic describes how to configure permissions to use a specific SA function.

Prerequisites

You have obtained the administrator account and its password.

Configuring Permissions to Use Baseline Inspection

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Management & Governance > Identity and Access Management.
  3. Add IAM-related permissions.

    1. In the navigation pane on the left, choose Permissions > Policies/Roles. In the upper right corner of the displayed page, click Create Custom Policy.
    2. Configure a policy.
      1. Policy Name: Enter a policy name.
      2. Scope: Select Global services.
      3. Policy View: Select JSON.
      4. Policy Content: Copy the following content and paste it in the text box. 
        {
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iam:users:getUser",
                "iam:securitypolicies:getLoginPolicy",
                "iam:credentials:listCredentials",
                "iam:users:getUserLoginProtect",
                "iam:agencies:listAgencies",
                "iam:securitypolicies:getProtectPolicy",
                "iam:users:listUsers",
                "iam:securitypolicies:getPasswordPolicy",
                "iam:groups:listGroups",
                "iam:permissions:listRolesForAgencyOnProject",
                "iam:users:listUsersForGroup",
                "iam:projects:listProjectsForUser",
                "iam:permissions:listRolesForAgencyOnDomain"
            ]
        }
    ]
}
    3. Click OK.

  4. In the navigation pane one the left, choose Agencies.
  5. In the agency list, select ssa_admin_trust to go to the details page.
  6. Click the Permissions Assigned tab and click Assign.
  7. In the permission configuration area, search for and select Tenant Administrator and the permission created in 3.

    Figure 1 Baseline inspection permissions

  8. Click Next in the lower part of the page and set the minimum authorization scope.
  9. Click OK.
Parent topic: Baseline Inspection