Use IAM for fine-grained permissions control over your resources. With IAM, you can:
- Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to cloud resources.
- Grant only the permissions required for users to perform a specific task.
- Entrust another account or cloud service to perform professional and efficient O&M on your cloud resources.
Skip this part if your account does not require individual IAM users.
The following is the procedure for granting permissions.
Prerequisites
Before assigning permissions to user groups, you should learn about Direct Connect system policies and select the policies based on service requirements. For details about system-defined permissions of Direct Connect, see Permissions. For system-defined permissions of other cloud services, see Permissions.
Process Flow
Figure 1 Process for granting Direct Connect permissions
- Create a user group and assign permissions.
Create a user group on the IAM console and assign the DCAAS ReadOnlyAccess policy to the group.
- Create a user and add the user to the user group
Create a user on the IAM console and add the user to the group created in 1.
- Log in to the management console as the created user.
Switch to the authorized region and verify the permissions.
- Choose Service List > Network > Direct Connect. On the Connections page, select a connection and click Modify in the Operation column to modify the connection. If the connection cannot be modified, DCAAS ReadOnlyAccess has taken effect.
- Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the DCAAS ReadOnlyAccess policy has already taken effect.