Creating a User Group and Granting Permissions¶
With IAM, you can:
Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to WAF resources.
Grant only the permissions required for users to perform a task.
Entrust an account or cloud service to perform professional and efficient O&M on your WAF resources.
If your account does not require individual IAM users, skip this chapter.
This topic describes the procedure for granting permissions (see Figure 1).
Prerequisites¶
Learn about the permissions supported by WAF in Table 1 and choose policies or roles based on your requirements. For the system policies of other services, see System Permissions.
Role/Policy Name | Description | Category | Dependencies |
|---|---|---|---|
WAF Administrator | Administrator permissions for WAF | System-defined role | Dependent on the Tenant Guest and Server Administrator roles.
|
WAF FullAccess | All permissions for WAF | System-defined policy | None. |
WAF ReadOnlyAccess | Read-only permissions for WAF. | System-defined policy |
Process Flow¶
Figure 1 Process for granting permissions¶
Log in to the management console as the created user and verify the permissions.
Log in to the WAF console by using the newly created user, and verify that the user only has WAF Administrator permissions for WAF.
Choose any other service in Service List. If a message appears indicating that you have insufficient permissions to access the service, the WAF Administrator policy has already taken effect.