Updated on 2025-08-15 GMT+08:00

User Overview

You can add developer accounts (that is, member accounts) to the same account to implement collaborative development. That is, all developers under the same account can share application resources, such as viewing and using created applications, flows, and scripts.

Figure 1 User organization structure

Enterprise Administrator

When you successfully sign up for Huawei Cloud, your account is automatically created. Your account has full access permissions for your cloud services and resources and makes payments for the use of these resources. After login using an account, you will see a user marked Enterprise administrator on the Users page of the IAM console.

Figure 2 Identifier corresponding to an account

Instance Administrator

An IAM user created by an enterprise administrator with Astro Zero Instance ManageAccess can apply for a free instance or purchase a commercial one. Choose User Security > Users. You can see that the profile is System Administrator Profile.

IAM users with Astro Zero Instance ManageAccess can only manage instances and cannot add other IAM users to Huawei Cloud Astro Zero. To add a user, Astro Zero IAM User QueryAccess is required. For details about the system policies, see Permissions Management.
Figure 3 Instance administrator

System Administrator

IAM users added by a HUAWEI ID or Instance Administrator and assigned System Administrator Profile under the same HUAWEI ID have full operational permissions but cannot manage instances. Choose User Security > Users. You can see that the profile is also System Administrator Profile.

If the system administrator needs to add other IAM users to Huawei Cloud Astro Zero, the user group to which the system administrator belongs must have the Astro Zero Instance ViewAccess and Astro Zero IAM User QueryAccess profiles.

User

IAM or WeLink users added by the administrator and assigned the Developer Profile profile are application developers.

When adding an IAM user to Huawei Cloud Astro Zero and assigning them Developer Profile, ensure the IAM user is either not added to any user group or is added to a user group with Astro Zero Instance ViewAccess.

Figure 4 Adding Developer Profile to a user

In Huawei Cloud Astro Zero, users can perform the following operations:

Portal User

Portal users refer to the user accounts for accessing applications developed in Huawei Cloud Astro Zero, that is, application users. Choose Configuration Center > Organizations & Users > Users to create and manage portal users. After a portal user is added to Huawei Cloud Astro Zero, the user has the Portal User Profile profile by default.

Figure 5 User behavior

Understanding Preset Profiles

Profiles are used to control the operation permissions of users and portal users. The platform provides the following standard profiles:

  • System Administrator Profile: grants users full permissions.
  • Developer Profile: grants developer permissions, typically assigned to users. These users can perform development tasks on the platform, such as adding objects, fields, and processes.
  • Portal User Profile: grants portal user permissions, typically assigned to portal users. These portal users can log in and use applications created in the platform.
  • Anonymous User Profile: grants access permissions to guest users, allowing them to access applications created in the platform without logging in.
  • Standard User Profile: grants permissions to run system processes and create, view, modify, and delete records of existing system objects when the service is enabled. This profile does not include development permissions, such as adding objects or processes.
  • NoCode Developer Profile: grants permission for no-code application development and is preset only in the runtime environment.
  • NoCode Manager Profile: grants permission for managing no-code application data and is preset only in the runtime environment.

A profile can be assigned to multiple users, but each user can belong to only one profile. For details about the permissions in a profile, see Table 1.

You can customize a profile based on the default profiles. For details, see Creating a Permission Set.

Figure 6 Users' developer permissions
Figure 7 Portal users' permissions
Figure 8 Guest users' permissions
Table 1 Description

Permission

Description

View Metadata

Mandatory permission for users to access metadata. This permission is displayed only on the console and cannot be canceled.

Develop Application

The highest permission in the system. With this permission, you can customize all customizable parts in the system. By default, you have other permissions.

View All User

Permission to view the user list and user details.

View Roles

Permission to view the role list and role details.

Managing Roles

Permission to add, delete, and modify the permissions of a role.

View Profiles

Permission to view the profile list and profile details.

View Permission Sets

Permission to view the permission list and permission details.

View Groups

Permission to view the group list and group details.

Manage Groups

Permission to add, delete, and modify the permissions of a public group.

View Queues

Permission to view the queue list and queue details.

Manage Queues

Permission to add, delete, and modify queues.

View Portal User

Permission to view the portal user and portal user details.

Managing Portal User

Permission to add, delete, and modify the permissions of a portal user.

View Service Permissions Credential

Permission to view the service permission credential list and service permission credential details.

View System Configuration

Permission to view the system settings.

View Alarm Template/Record

Permission to view the alarm list and alarm details.

Manage Alarm Template/Record

Permission to add and modify alarm definitions.

View BPM

Permission to view the BPM definition list and details, including decision tables and triggers associated with the BPM.

Manage BPM Instances

Permission to modify BPM instance details.

View Flows

View the flow definition list and details.

View Scripts

Permission to view the script list and details.

View TimedTasks

Permission to view the scheduled task list and details.

Run limited import tasks

Permission to view the data import and data import template areas and upload data import templates.

View Reports

Permission to view the report list and details.

Run Reports

Permission to view the running instance of a report.

View Dashboards

Permission to view the dashboard list and details.

Run Dashboards

Permission to view the running instance of a dashboard.

View All Dashboards

Permission to view the tenant dashboard and application dashboard.

Manage Dashboards

Permission to perform operations on the tenant dashboard and application dashboard.

Manage Views

Permission to add, delete, and modify the permissions of a view.

Update Object Data

Permission to update object data and synchronize data.

View All Data

Permission to view all data. If this option is selected, the permission on a single object will be ignored.

Run SQL

Permission to execute SQL statements.

View Encrypted Data

Permission to view the plaintext of encrypted data.

View Tenant Trace Logs

Permission to view tenant tracing logs.

View Privacy Data

Permission to view some sensitive data objects in the form of data objects, such as permission configuration and connector definition.

Manage Data

Permission to operate any object on the data console.

Manage Bulletins

A developer with this permission can add, delete, and edit bulletins on the workbench page.