
Creating a User and Granting Permissions

This chapter describes how to use Identity and Access Management (IAM) for fine-grained permissions management for your DDM resources. With IAM, you can:

  • Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials for accessing DDM resources.
  • Grant users only the permissions required to perform a given task based on their job responsibilities.
  • Entrust an account or cloud service to perform professional and efficient O&M on your DDM resources.

If your account does not need individual IAM users, then you may skip over this section.

This section describes the procedure for granting user permissions. Figure 1 shows the process flow.

Prerequisites

Before assigning permissions to a user group, you need to know the DDM system policies that can be added to the user group and select permissions as required. For system-defined policies for other services, see Permissions.

Process Flow

Figure 1 Process for assigning DDM permissions


  1. Create a user group and assign permissions to it.

    Create a user group on the IAM console and attach the DDM ReadOnlyAccess policy to the group.

  2. Create an IAM user and add it to the user group.

    Create a user on the IAM console and add the user to the group created in step 1.

  3. Log in and verify permissions.

    In the authorized region, perform the following operations:

    • Choose Service List > Distributed Database Middleware and click Buy DDM Instance to buy a DDM instance. If you cannot buy a DDM instance, the DDM ReadOnlyAccess permission has taken effect.
    • Choose any other service in the Service List (assuming that only the DDM ReadOnlyAccess policy is attached). If a message appears indicating insufficient permissions to access the service, the DDM ReadOnlyAccess policy has already taken effect.