Reviewed-by: Wagner, Fabian <fabian.wagner@t-systems.com> Co-authored-by: Ru, Li Yi <liyiru7@huawei.com> Co-committed-by: Ru, Li Yi <liyiru7@huawei.com>
<a name="rds_07_0002"></a><a name="rds_07_0002"></a>
<h1 class="topictitle1">Creating a User and Granting Permissions</h1>
<div id="body1559186438460"><p id="rds_07_0002__p1586916476416">This chapter describes how to use <a href="https://docs.otc.t-systems.com/usermanual/iam/iam_01_0026.html" target="_blank" rel="noopener noreferrer">Identity and Access Management (IAM)</a> for fine-grained permissions management for your <span class="keyword" id="rds_07_0002__keyword17281935195710">RDS</span> resources. With IAM, you can:</p>
<ul id="rds_07_0002__ul13870114718418"><li id="rds_07_0002__li7870144710416">Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing <span class="keyword" id="rds_07_0002__keyword427744115576">RDS</span> resources.</li><li id="rds_07_0002__li68701747447">Grant only the permissions required for users to perform a specific task.</li><li id="rds_07_0002__li198705476417">Entrust an account or cloud service to perform efficient O&amp;M on your <span class="keyword" id="rds_07_0002__keyword8348453572">RDS</span> resources.</li></ul>
<p id="rds_07_0002__p178709471743">If your account does not require individual IAM users, skip this chapter.</p>
<p id="rds_07_0002__p118701847544">This section describes the procedure for granting permissions (see <a href="#rds_07_0002__en-us_topic_0172661625_fig15451536531">Figure 1</a>).</p>
<div class="section" id="rds_07_0002__en-us_topic_0172661625_section25675773"><h4 class="sectiontitle">Prerequisites</h4><p id="rds_07_0002__p539216578140">Learn about the permissions (see <a href="rds_01_0017.html">Permissions Management</a>) supported by RDS and choose policies or roles according to your requirements. For the system policies of other services, see <a href="https://docs.otc.t-systems.com/permissions/index.html" target="_blank" rel="noopener noreferrer">Permissions</a>.</p>
</div>
<div class="section" id="rds_07_0002__en-us_topic_0172661625_section10309404"><h4 class="sectiontitle">Process Flow</h4><div class="fignone" id="rds_07_0002__en-us_topic_0172661625_fig15451536531"><a name="rds_07_0002__en-us_topic_0172661625_fig15451536531"></a><a name="en-us_topic_0172661625_fig15451536531"></a><span class="figcap"><b>Figure 1 </b>Process for granting RDS permissions</span><br><span><img id="rds_07_0002__en-us_topic_0172661625_image51797270" src="en-us_image_0192954081.png"></span></div>
<ol id="rds_07_0002__en-us_topic_0172661625_ol34829302"><li id="rds_07_0002__en-us_topic_0172661625_li10176121316284"><a name="rds_07_0002__en-us_topic_0172661625_li10176121316284"></a><a name="en-us_topic_0172661625_li10176121316284"></a><a href="https://docs.otc.t-systems.com/usermanual/iam/iam_01_0030.html" target="_blank" rel="noopener noreferrer">Create a user group and assign permissions</a> to it.<p class="litext" id="rds_07_0002__en-us_topic_0172661625_p2601186">Create a user group on the IAM console, and attach the <strong id="rds_07_0002__b156441813181812">RDS ReadOnlyAccess</strong> policy to the group.</p>
<div class="note" id="rds_07_0002__note17371145710467"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rds_07_0002__p1281535812572">To use some interconnected services, you also need to configure permissions of such services.</p>
<p id="rds_07_0002__p537195714617">For example, to connect to your DB instance through the console, configure the <strong id="rds_07_0002__b1398311402163">DAS FullAccess</strong> permission of Data Admin Service (DAS) besides <span class="uicontrol" id="rds_07_0002__uicontrol761821711565"><b>RDS ReadOnlyAccess</b></span>.</p>
</div></div>
</li><li id="rds_07_0002__en-us_topic_0172661625_li17216995"><a href="https://docs.otc.t-systems.com/usermanual/iam/iam_01_0031.html" target="_blank" rel="noopener noreferrer">Create an IAM user and add it to the user group</a>.<p class="litext" id="rds_07_0002__en-us_topic_0172661625_p20735233">Create a user on the IAM console and add the user to the group created in <a href="#rds_07_0002__en-us_topic_0172661625_li10176121316284">1</a>.</p>
</li><li id="rds_07_0002__en-us_topic_0172661625_li1832323"><a href="https://docs.otc.t-systems.com/usermanual/iam/iam_01_0032.html" target="_blank" rel="noopener noreferrer">Log in</a> and verify permissions.<p id="rds_07_0002__p423919303914">Log in to the RDS console by using the created user, and verify that the user only has read permissions for RDS.</p>
<ul id="rds_07_0002__ul723983013917"><li id="rds_07_0002__li5239830395">Choose <strong id="rds_07_0002__b977303513810">Service List</strong> > <strong id="rds_07_0002__b114193410311">Relational Database Service</strong> and click <strong id="rds_07_0002__b167751035133816">Buy DB Instance</strong>. If a message appears indicating that you have insufficient permissions to perform the operation, the <strong id="rds_07_0002__b139734373912">RDS ReadOnlyAccess</strong> policy has already been applied.</li><li id="rds_07_0002__li42395301198">Choose any other service in <strong id="rds_07_0002__b348616563397">Service List</strong>. If a message appears indicating that you have insufficient permissions to access the service, the <strong id="rds_07_0002__b5154850104015">RDS ReadOnlyAccess</strong> policy has already taken effect.</li></ul>
</li></ol>
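<p>The two console checks in step 3 can also be run offline against the policy documents attached to a group. The following is an added example, not code from the RDS or IAM documentation: the policy JSON layout, the action strings and the function names are assumptions constructed for illustration and are not the published content of <strong>RDS ReadOnlyAccess</strong>.</p>

```python
import json
from fnmatch import fnmatchcase

# Constructed read-only policy (assumed layout and action names).
READ_ONLY_POLICY = json.loads("""
{"Version": "1.1",
 "Statement": [{"Effect": "Allow",
                "Action": ["rds:*:get*", "rds:*:list*"]}]}
""")

# Constructed policy that also grants another service, the mistake
# the second check in step 3 is meant to catch.
OVERBROAD_POLICY = json.loads("""
{"Version": "1.1",
 "Statement": [{"Effect": "Allow",
                "Action": ["rds:*:get*", "rds:*:list*", "ecs:*:*"]}]}
""")

def is_allowed(policies, action):
    """Default deny; an explicit Deny overrides any matching Allow."""
    allowed = False
    for policy in policies:
        for stmt in policy.get("Statement", []):
            if any(fnmatchcase(action, p) for p in stmt.get("Action", [])):
                if stmt.get("Effect") == "Deny":
                    return False
                if stmt.get("Effect") == "Allow":
                    allowed = True
    return allowed

# Probes mirroring step 3, plus a positive control for read access.
PROBES = {
    "rds:instance:list": True,     # reading RDS must work
    "rds:instance:create": False,  # "Buy DB Instance" must be refused
    "ecs:servers:list": False,     # any other service must be refused
}

def verify_read_only(policies):
    """Return the probe actions whose result differs from the expectation."""
    return sorted(a for a, want in PROBES.items()
                  if is_allowed(policies, a) != want)

if __name__ == "__main__":
    print(verify_read_only([READ_ONLY_POLICY]))   # no findings
    print(verify_read_only([OVERBROAD_POLICY]))   # other service reachable
```

<p>A group that also carries <strong>DAS FullAccess</strong>, as described in the note under step 1, needs its DAS actions excluded from the "any other service" probe.</p>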
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rds_07_0000.html">Permissions Management</a></div>
</div>
</div>