Updated on 2025-11-06 GMT+08:00

Creating a User Group and Assigning Permissions

The company has three functional teams: management, development, and test. After the company administrator creates an account, the default group admin is automatically generated and has full permissions for all cloud services. The administrator therefore only needs to create two more groups in IAM, one for the development team and one for the test team.

Creating User Groups

  1. Use your HUAWEI ID to enable Huawei Cloud services, and then log in to Huawei Cloud.

    Figure 1 Logging in to Huawei Cloud

  2. Click Console in the upper right corner.

    Figure 2 Logging in to the management console

  3. On the management console, hover the mouse pointer over the username in the upper right corner, and choose Identity and Access Management from the drop-down list.

    Figure 3 Accessing the IAM console

  4. On the IAM console, choose User Groups from the left navigation pane, and click Create User Group.

    Figure 4 Creating a user group

  5. Enter developers for Name, and click OK.

    Figure 5 Specifying user group details

  6. Create the testers group by referring to steps 4 and 5.

Assigning Permissions to User Groups

Developers in the company need to use ECS, RDS, ELB, VPC, EVS, and OBS, so the administrator needs to assign the required permissions to the developers group to enable access to these services. Testers in the company need to use Cloud Eye, so the administrator needs to assign the required permissions to the testers group to enable access to the service. After a user is added to an authorized user group, the user can use cloud services based on the assigned permissions. For details about the system-defined identity policies of all cloud services, see System-defined Permissions.

  1. Check the required permissions according to System-defined Permissions. Table 1 lists the permissions to be set.

    Table 1 Required permissions

    User Group    Cloud Service    Permissions
    developers    ECS              ECSFullPolicy
    developers    RDS              RDSFullAccessPolicy
    developers    ELB              ELBFullAccessPolicy
    developers    VPC              VPCFullAccessPolicy
    developers    EVS              EVSFullAccessPolicy
    developers    OBS              OBSFullAccessPolicy
    testers       Cloud Eye        CESFullAccessPolicy

    You are advised to adhere to the principle of least privilege and grant only the permissions required for a user to perform a specific task. System-defined policies are generic policies provided for all Huawei Cloud users; they are not scoped to the minimum permissions required for your specific use cases.

  2. In the user group list, click Authorize in the row containing the user group developers.

    Figure 6 Authorizing a user group

  3. Select the permissions to be assigned and click OK. The user group will have the required permissions listed in Table 1.

    Because of system processing, caching, and other factors, the identity policies take effect several minutes after the authorization is complete.

  4. Refer to steps 2 to 3 to assign the CESFullAccessPolicy permissions to the testers group.
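Once the authorization has taken effect, the group-to-policy mapping in Table 1 can be checked for drift. The following Python check is an added example, not part of the original documentation or any Huawei Cloud tooling: REQUIRED is transcribed from Table 1, while the OBSERVED data, the contractors group, and the audit_groups function are constructed for illustration.

```python
# Added example: compare recorded group authorizations against Table 1.
# REQUIRED is transcribed from Table 1; everything else is constructed.
REQUIRED = {
    "developers": {
        "ECSFullPolicy", "RDSFullAccessPolicy", "ELBFullAccessPolicy",
        "VPCFullAccessPolicy", "EVSFullAccessPolicy", "OBSFullAccessPolicy",
    },
    "testers": {"CESFullAccessPolicy"},
}
# The default admin group has full permissions by design, so it is not audited.
EXEMPT = {"admin"}

# Constructed sample of what was recorded from the console (not real data).
OBSERVED = {
    "admin": ["<default full permissions>"],  # placeholder, not a policy name
    "developers": ["ECSFullPolicy", "RDSFullAccessPolicy", "ELBFullAccessPolicy",
                   "VPCFullAccessPolicy", "EVSFullAccessPolicy"],
    "testers": ["CESFullAccessPolicy", "ECSFullPolicy"],
    "contractors": ["OBSFullAccessPolicy"],  # hypothetical group, not in Table 1
}


def audit_groups(required, observed, exempt=EXEMPT):
    """Return sorted (group, issue, policies) findings for drift from Table 1."""
    findings = []
    for group in sorted((set(required) | set(observed)) - set(exempt)):
        have = set(observed.get(group, ()))
        if group not in required:
            # A group exists that the plan never called for.
            findings.append((group, "unplanned-group", sorted(have)))
            continue
        if group not in observed:
            findings.append((group, "group-not-created", []))
            continue
        missing = required[group] - have
        extra = have - required[group]  # more than Table 1 grants
        if missing:
            findings.append((group, "missing-policy", sorted(missing)))
        if extra:
            findings.append((group, "excess-policy", sorted(extra)))
    return findings


if __name__ == "__main__":
    for group, issue, policies in audit_groups(REQUIRED, OBSERVED):
        print(f"{group:12} {issue:18} {', '.join(policies) or '-'}")
```

An excess-policy or unplanned-group finding is the least-privilege signal: the group can do more than Table 1 intended.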