Creating a User and Granting Permissions

This section describes how to use IAM to implement fine-grained permissions control for your TMS resources. With IAM, you can:

  • Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing TMS resources.

  • Grant users only the permissions required to perform a given task based on their job responsibilities.

  • Entrust an account or a cloud service to perform efficient O&M on your TMS resources.

If your account meets your permissions requirements, you can skip this section.

Figure 1 shows the process flow for granting permissions.


Before granting permissions, learn about the TMS permissions and select the ones you need. For details about the system-defined permissions supported by TMS, see TMS Permissions. To grant permissions for other services, learn about all permissions.


**Figure 1** Granting TMS permissions


  1. On the IAM console, create a user group and assign permissions. Here, TMS ReadOnlyAccess permissions are used as an example.

  2. Create an IAM user and add it to the created user group.

  3. Log in and verify permissions.

    The created user logs in to the console and verifies permissions as described below:

    • Choose Service List > Tag Management Service. In the navigation pane on the left, click Predefined Tags. In the upper right corner of the displayed page, click Create Tag. If a message appears indicating that you have insufficient permissions to perform the operation, and you can still view existing predefined tags on the Predefined Tags page, the TMS ReadOnlyAccess policy is in effect.

    • Choose another service from Service List. If a message appears indicating that you have insufficient permissions to access the service, the TMS ReadOnlyAccess policy is in effect.