Creating a User and Assigning VOD Permissions

Prerequisites

Learn about the permissions (see Permissions Management) supported by VOD and choose policies or roles according to your requirements.

Notes

From December 30, 2024 on, policies will be the only way for VOD permissions management. Policies are easy to configure and allow flexible permission settings, meeting your requirements for IAM user permissions management in different scenarios.

If you enabled VOD before December 30, 2024 and are using both roles and policies for VOD permissions management, you can continue with the role + policy approach. For details, see Creating a User and Granting VOD Permissions.

If you want to switch to the policy-only approach for VOD permissions management, submit a service ticket.

Process Flow

Figure 1 Process of assigning VOD read-only permissions

1. Create a user group and assign permissions.

   Create a user group on the IAM console and attach the VOD ReadOnlyAccess policy to the group.

2. Create an IAM user and add them to the user group.

   Create a user on the IAM console and add them to the group created in 1.

3. Log in and verify permissions.

   In the authorized region, perform the following operations:

   • Choose Service List > Video on Demand. The VOD console is displayed. If a message is displayed indicating insufficient permissions for performing the operation, the ReadOnlyAccess policy has already taken effect.
   • Choose any other service in Service List. If a message is displayed indicating insufficient permissions for the service, the VOD ReadOnlyAccess policy has already taken effect.

Creating a User with Media Asset Isolation

VOD uses only policies for permissions management. Policies are easy to configure and allow flexible permission settings, meeting your requirements for IAM user permissions management in different scenarios.

If you want to isolate media assets for IAM users, you can assign the VOD Group Administrator role and use specified policies to manage the permissions on the media assets in the group where the IAM users are.

• You need to assign the role only when media asset isolation is required for IAM users.
• If you enabled VOD before December 30, 2024 and are using both roles and policies for VOD permissions and media asset management, you can continue with the role + policy approach. For details, see Creating a User and Granting VOD Permissions.

  If you want to switch to the policy-only approach for VOD permissions management, submit a service ticket.

Procedure:

1. Create a user group, for example, test.

   For details, see Creating a User Group and Assigning Permissions.

2. Create a user, for example, test, and add the user to the created user group test.

   For details, see Creating an IAM User and Adding Them to the User Group.

3. Access the VOD console as the test user.
4. In the navigation pane, choose Management > Audio and Video Management.

   If media asset isolation is not performed, the test user can view the list of media assets created by all users under the current Huawei Cloud account on the current page.

5. Assign the test user group the VOD Group Administrator role and configure a policy.

   For details, see Creating a User Group and Assigning Permissions.

6. Refresh the Management > Audio and Video Management page on the VOD console.

   After media asset isolation is complete, if the user is assigned only the VOD Group Administrator role, the user can view only the media assets they created, not the media assets created by other users under the current account.