This section describes how to use IAM to implement fine-grained permissions control for your DMS resources. With IAM, you can:
- Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing TMS resources.
- Grant users only the permissions required to perform a given task based on their job responsibilities.
- Entrust an account or a cloud service to perform efficient O&M on your TMS resources.
If your account meets your permissions requirements, you can skip this section.
Figure 1 shows the process flow for granting permissions.
If users do not have the TMS Administrator permissions, the following situations occur:
- Users cannot access the TMS console.
- On consoles of other cloud services, users cannot view or use predefined tags created on the TMS console.
Prerequisites
Before granting permissions, learn about the TMS permissions and select the permissions as required. For details about the system-defined permissions in RBAC supported by TMS, see TMS Permissions. To grant permissions for other services, learn about all permissions.
Process Flow
create a user group and grant it permissions (TMS Administrator as an example).
- Log in and verify permissions.
Log in to the TMS console as the created user, and verify that it only has the TMS Administrator permissions.