Permissions Management

You can use Identity and Access Management (IAM) for fine-grained permissions control for your LTS. With IAM, you can:

  • Create IAM users for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing LTS resources

  • Grant only the permissions required for users to perform a specific task.

  • Entrust an account or a cloud service to perform efficient O&M on your LTS resources.

If your account does not require individual IAM users, you can skip this section.

This section describes the procedure for granting user permissions. Figure 1 shows the process flow.

Prerequisites

Before granting permissions to user groups, learn about system-defined permissions in Permissions Management for LTS. To grant permissions for other services, learn about all permissions supported by IAM.

Process Flow

**Figure 1** Process of granting permissions to a user

Figure 1 Process of granting permissions to a user

  1. On the IAM console, create a user group and grant it permissions.

    Create a user group on the IAM console and grant the LTS FullAccess permission to the user group.

     
    Note

    If you select the LTS FullAccess permissions, the Tenant Guest policy that the permission depends on is automatically selected. You also need to grant the Tenant Administrator policy for the global service project to the user group.

  2. Create an IAM user and add it to the created user group.

    Create a user on the IAM console and add the user to the user group created in 1.

  3. Log in as the IAM user and verify permissions.

    Log in to the console as the user you created, and verify that the user has the assigned permissions.

last updated: 2025-02-26 08:37 UTC - commit: 50b6080032f3edac0b535fbdc58e4ec40f0c7b74