Creating a user-account

This chapter describes how to create a valid user.

Brief Workflow Introduction

Why Customer want to create a user?
-Customers have multiple businesses, he wants to assign different people or departments or agent companies to manage the business separately.

Basic steps to create a user
-create a user name, then give permission to the user. thus the user is valid to operate on Console.
-permission concludes two parts: function and resource
-function: means how does a user can do on Console. for example, check bandwidth report and deploy back-to-origin configuration can be functions.
-resource: means the objects that a user can implement function to. for example, a domain can be resource for CDN products.
Note

1. for CDN and security products: Policy is a function, control group is a resource.
2. for the other products: Policy is the combination of function and resource.

Next, we are going to show the detailed steps of creating a new user-account.

Step 1: Access IAM

Step 2: Create User and grant policy

1. Click Users→ Create User
   
2. Fill in user information and submit.
   
3. the password and Access key display only once after user is created due to security consideration, Customer need to copy first.
   
4. The new created user shown on the user list. (the user has no permission now)
5. Grant Policy: Click Add Permissions
   If you don’t know what policy is, please see basic concept chapter first.
   
6. Select the existed system or custom policy that you want to grant to the user, click save
   
   Note:
   -Support policy name fuzzy search.
   -Policy note is for customer to understand what the policy is used.
   -Allow to create new custom policy, will introduce this function in below paragraph.

Step 3: Grant existed control group to user

Control group is a group of domains of CDN and security products. for other products such as Object Storage, CloudDNS, there is no control group. only CDN/security product customers need this step. (Check Basic concept to know more about control group)
If user X is granted domain A,B,C, then User X will have permission to check the traffic of domain A,B,C and implement domain configuration on Console.
An accelerated domain can be part of multiple Control Groups, and a single user can be assigned to multiple Control Groups as well.

Click Control group management, find the control group, click edit

select the user that you want to grant the control group to, click submit

If current control group is not satisfied, Customer can create new control group, and assign to the user.

Step 4: Create new control group and grant to the user

1. Entrance: IAM → Permissions → Control Group MGMT
   

2. Click “Create” button. Then the page will be redirected to the add page.
   

3. The add page consists of three parts: Basic Information,Control Group detail and Control group shaing.
   
   

4. Functions are described as follows:

5. Customer fill in control group name, select domain into control group, share(grant) to user, then submit. then the new control group is created as the type of “User Customized” automatically, and control group granting is completed.
   

6. Customer can click on Edit button to edit the User Customized control group.
   

7. The module of Edit Control Group shows information and allows customer to edit the information. The page shares the same three parts with Creat New Control Group.However, the primary account(main account) is not editable.
   

How to create Custom Policy for CDN/Security products

1. Access IAM.
2. On the left navigation, click Policies under Permissions.
3. On the Policies page, click Create Policy.
4. Choose the creation way: Create with functions
   
5. Fill in policy name and policy note
   
6. Click Add Policy. Specify the permission effect, product and actions，then click 【Save】.
   
7. Click submit