Creating a User and Granting Permissions

This section describes IAM's fine-grained permissions management for DRS.

  • With IAM, you can:

    • Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to DRS resources.

    • Grant only the permissions required for users to perform a specific task.

    • Entrust an account or cloud service to perform professional and efficient O&M on your DRS resources.

If your account does not require individual IAM users, skip this chapter.

This section describes the procedure for granting permissions (see Figure 1).

Prerequisites

Learn about the permissions (see Permissions Management) supported by DRS and choose policies or roles according to your requirements.

Process Flow

**Figure 1** Process for granting DRS permissions

Figure 1 Process for granting DRS permissions

  1. Create a user group and assign permissions to it.

    Create a user group on the IAM console, and assign the DRS Administrator policy to the group.

  2. Create a user.

    Create a user on the IAM console and add the user to the group created in 1.

  3. Log in and verify permissions.

    Log in to the management console using the newly created user, and verify that the user only has read permissions for DRS.

    Go to the DRS console, click Create Migration Task in the upper right corner to create a migration task. If a migration task (assume that there is only the DRS Administrator permission) is created, the DRS Administrator policy has taken effect.