Creating a User and Granting Permissions¶
Use IAM to implement fine-grained permissions control over your Direct Connect resources. With IAM, you can:
Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to cloud resources.
Grant only the permissions required for users to perform a specific task.
Entrust another account or cloud service to perform professional and efficient O&M on your cloud resources.
Skip this part if your account does not require individual IAM users.
The following is the procedure for granting permissions.
Prerequisites¶
Before assigning permissions to user groups, you should learn about Direct Connect system policies and select the policies based on service requirements. For details about system permissions of Direct Connect, see Permissions. For system permissions of other cloud services, see Permission DescriptionPermission Description.
Process Flow¶
Create a user group and assign permissions.
Create a user group on the IAM console and attach the Direct Connect Administrator policy to the group, which grants users read-only permissions to Direct Connect resources.
Create an IAM user and add it to the created user group.
Create a user on the IAM console and add the user to the group created in 1.
Log in to the management console as the created user.
Switch to the authorized region and verify the permissions.
Choose Service List > Network > Direct Connect. On the displayed page, click Create Connection. If the connection fails to be created, the Direct Connect Administrator policy has taken effect.
Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the Direct Connect Administrator policy has already taken effect.