doc-exports/docs/sfs/umn/sfs_01_0032.html

<a name="sfs_01_0032"></a><a name="sfs_01_0032"></a>

<h1 class="topictitle1">Creating a User and Granting SFS Permissions</h1>
<div id="body1559035268439"><p id="sfs_01_0032__p16362181233">This chapter describes how to use IAM to implement fine-grained permissions control for your SFS resources. With IAM, you can:</p>
<ul id="sfs_01_0032__ul737218182317"><li id="sfs_01_0032__li11371918152317">Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing SFS resources.</li><li id="sfs_01_0032__li7372018132315">Grant only the permissions required for users to perform a specific task.</li></ul>
<p id="sfs_01_0032__p6381818172311">If your cloud account does not require individual IAM users, skip this section.</p>
<p id="sfs_01_0032__p05785215594">This section describes the procedure for granting permissions (see <a href="#sfs_01_0032__fig625610403530">Figure 1</a>).</p>
<div class="section" id="sfs_01_0032__section19578184675710"><h4 class="sectiontitle">Prerequisites</h4><p id="sfs_01_0032__p57824185467">Learn about the permissions (see <a href="sfs_01_0013.html">Permissions</a>) supported by SFS and choose policies or roles according to your requirements. </p>
</div>
<div class="section" id="sfs_01_0032__section1016916187178"><h4 class="sectiontitle">Restrictions</h4><ul id="sfs_01_0032__ul741218591550"><li id="sfs_01_0032__li104126598554">All system-defined policies and custom policies are supported in SFS Turbo file systems.</li></ul>
</div>
<div class="section" id="sfs_01_0032__section142281352125915"><h4 class="sectiontitle">Process Flow</h4><div class="fignone" id="sfs_01_0032__fig625610403530"><a name="sfs_01_0032__fig625610403530"></a><a name="fig625610403530"></a><span class="figcap"><b>Figure 1 </b>Process for granting SFS permissions</span><br><span><img class="vsd" id="sfs_01_0032__image8257840115317" src="en-us_image_0000001567196497.png"></span></div>
<ol id="sfs_01_0032__ol23988231126"><li id="sfs_01_0032__li539812235120"><a name="sfs_01_0032__li539812235120"></a><a name="li539812235120"></a>Create a user group and assign permissions to it.<p id="sfs_01_0032__p2028474791210"><a name="sfs_01_0032__li539812235120"></a><a name="li539812235120"></a>Create a user group on the IAM console, and attach the <strong id="sfs_01_0032__b1481933717278">SFS Turbo ReadOnlyAccess</strong> policy to the group.</p>
</li><li id="sfs_01_0032__li214515333122">Create a user and add it to a user group.<p id="sfs_01_0032__p164319500123"><a name="sfs_01_0032__li214515333122"></a><a name="li214515333122"></a>Create a user on the IAM console and add the user to the group created in <a href="#sfs_01_0032__li539812235120">1</a>.</p>
</li><li id="sfs_01_0032__li1084136121217">Log in and verify permissions.<p id="sfs_01_0032__p865613303275"><a name="sfs_01_0032__li1084136121217"></a><a name="li1084136121217"></a>Log in to SFS Console using the created user, and verify that the user only has read permissions for SFS.</p>
<ul id="sfs_01_0032__ul162963396234"><li id="sfs_01_0032__li6296133992319">Choose <strong id="sfs_01_0032__b155714437612">Scalable File Service</strong>. Click <strong id="sfs_01_0032__b3651719877">Create File System</strong> on SFS Console. If a message appears indicating that you have insufficient permissions to perform the operation, the <strong id="sfs_01_0032__b181235122815">SFS Turbo ReadOnlyAccess</strong> policy has already taken effect.</li><li id="sfs_01_0032__li8296039182311">Choose any other service. If a message appears indicating that you have insufficient permissions to access the service, the <strong id="sfs_01_0032__b016611164296">SFS Turbo ReadOnlyAccess</strong> policy has already taken effect.</li></ul>
</li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="sfs_01_0031.html">Permissions Management</a></div>
</div>
</div>