Using IAM Roles and Policies to Grant Access to KooPhone

You can use Identity and Access Management (IAM) to perform role- and policy-based permissions management for your KooPhone resources. With IAM, you can:

Create users or user groups for employees from different functional departments based on your enterprise's organizational structure using your Huawei ID. Each employee has their own identity credentials for accessing KooPhone resources.
Grant users only the permissions required to perform a given task based on their job responsibilities.
Entrust a Huawei Cloud account or a cloud service to perform professional and efficient O&M on your KooPhone resources.

If your Huawei Cloud account meets your requirements and you do not need to create an individual IAM user, you can skip this section.

Figure 1 shows the process flow of role/policy-based authorization.

Prerequisites

Before granting permissions to a user group, learn about permissions in Role/Policy-based Permissions Management for KooPhone and select the permissions as needed. To grant permissions for other services, learn about all system-defined permissions supported by IAM.

Process Flow

Figure 1 Process for granting KooPhone permissions
Click to enlarge

Create a user group and assign permissions.
On the IAM console, create a user group and grant it the KooPhone ReadOnlyUser permission or the KooPhone Administrator role with all operation permissions.
Create a user and add it to the user group.
On the IAM console, create a user and add it to the user group created in 1.
Log in as an IAM user and verify the user's permissions.
Log in to the KooPhone console as an authorized user. On the Overview page, if you can view the instance list, the KooPhone ReadOnlyUser permission has taken effect. If you can purchase UNI Cloud Terminal, the KooPhone Administrator role with all operation permissions has taken effect.