Creating a User and Granting SMN Permissions¶
Use IAM to implement fine-grained permissions control over your SMN resources. With IAM, you can:
Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing SMN resources.
Grant only the permissions required for users to perform a specific task.
Entrust an account or cloud service to perform efficient O&M on your SMN resources.
If your account does not require individual IAM users, skip this chapter.
This section describes the procedure for granting permissions (see Figure 1).
Prerequisites¶
Learn about the system permissions (see Permissions) supported by SMN and choose policies or roles according to your requirements. For system permissions of other cloud services, see Permissions.
Process Flow¶
The following describes how to grant the SMN ReadOnlyAccess permissions.
Figure 1 Process for granting the SMN ReadOnlyAccess permissions¶
Create a user group and assign permissions
Create a user group on the IAM console and assign the SMN ReadOnlyAccess permissions to the group.
Create a user and add it to the user group.
Create a user on the IAM console and add the user to the group created in 1.
Log in as the created user and verify the SMN ReadOnlyAccess permissions.
Log in to the SMN console by using the created user and verify that the user only has the SMN ReadOnlyAccess permissions.
Choose Service List > Simple Message Notification. On the SMN Topics page, click Create Topic in the upper right corner. If the topic cannot be created, the SMN ReadOnlyAccess policy has already taken effect.
Choose any other service on the Service List page. If a message appears indicating that you have insufficient permissions to access the service, the SMN ReadOnlyAccess policy has already taken effect.
Choose Service List > Simple Message Notification. On the Topics page, if you can view existing topics, the SMN ReadOnlyAccess policy has already taken effect.