Granting permissions to user-account
Last update:2022-06-09 12:17:10
Overview
CDNetworks Console IAM(Identity provides flexible permission management tools by creating policies that define/have access-control rulesets have permissions of each action to perform functional operations of each product that you have contracted with CDNetworks products. Permissions in the policy are described as “Permission Effect” and determine whether the requests of end-users are allowed or denied. i.e. policy is a set of permissions about each action.
When you add permission to a user account, you attach the policy (system policy or custom policy) to a user account in CDNetworks Console IAM.
When you remove permissions to a user account, you detach the policy from a user account in CDNetworks Console IAM.
in this article, we introduce how to add/delete permissions to user accounts in the CDNetworks Console IAM in the following sections.
| Function Name | Descriptions | Remarks |
|---|---|---|
| Grant Permissions for a user account | When you add a policy to a user account on CDNetworks IAM console, the user account has each permission (“Denied” or “Allowed” of actions that are included in the policy. | |
| Revoke Permission for a user account | when you delete a policy to a user account on CDNetworks IAM console, the user account has no permissions of the policy. | |
| Modify Permissions for multiple user accounts | When you add a policy to multiple user accounts and multiple policies, the user accounts have each permission (“Denied” or “Allowed” of actions that are included in the multiple policies. if one action and its own permission exist at multiple policies and each permission has a different value - “Allowed” and “Denied”, the Deny of the action takes precedence over the Allowed of the action | |
| Associate/de-associate Permissions of Control-group | When you grant the permission to manage CDN domains, you should associate Control-group. if you remove the permission to access CDN domains, you de-associate control-group, in this menu , you can associate/de-associate Control-group as you want to manage |
Instructions
How to grant permission(s) to a user account
-
In the Users menu, you can add permission to the user account that you grant by click “Add Permission”.
-
After you select the policy that you grant the permissions to the user account at the tab “Select Policy”, and click the button “OK” to commit.
How to revoke permission(s) from a user account
-
In the User management menu, you can click the user account that you want to revoke permission(s).
-
After select “Permission” tab, you can click “Revoke Permission” that you want to remove the permissions from the user account.
-
After select “Permission” tab, you can click “Revoke Permission” that you want to remove the multiple permissions from the user account.
Add Permissions of multiple policies and multiple users
-
In the User management menu, you can click “Add Permission” on CDNetworks IAM console.
-
you can select multiple policies on “Select Policy” tab and select multiple user accounts on “Authorized Principal” box.
-
and then, you can complete granting when you click “OK”.
Associate/Revoke control-group for a user account
-
In the User management menu, you can check the current status of “Associated Control-group” and associated new control-group and de-associated control-group per user-account.
-
you can check current lists of “Associated Control-group” when you click “Control-group” tab.
-
you can click “Associate Control group” to assign the permission of control-group for a user account on CDNetworks IAM console.
-
you can also “Revoke Associated” to remove the permission of the control-group for a user account on CDNetworks IAM console
