User Management And Permission Configuration

<p class="shortdesc">This section describes how an enterprise can implement user management and permission configuration through RAM.</p> <section class="section" id="bestpractices0001__section_cz3_kfk_flb"><h2 class="doc-tairway">Background infromation</h2> <p class="p">Enterprise F 's project need cloud services, and open a master account on Ping An cloud and purchased multiple cloud services. There are many employees in the project operating these cloud resources with different responsible such as purchasing, operation and maintenance, and different required permissions. Out of the consideration for the security of cloud services deployed by enterprises, Enterprise F does not want to disclose the master account key directly to its employees,. Under this condition, F can open sub-accounts for employees through RAM and authorize different permissions to different employees. The expenses incurred by all sub-users are borne by the master account. The master account can change the permissions of the sub-users or delete the sub-users at any time.</p> <img class="image" id="bestpractices0001__image_p31_c3d_flb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20201604174729-1c78b4cf9107.png" width="800"> </section> <section class="section" id="bestpractices0001__section_imq_kfk_flb"><h2 class="doc-tairway">Demand analysis</h2> <ul class="ul" id="bestpractices0001__ul_nks_mfk_flb"> <li class="li">In order to prevent the risk of uncontrollable risk caused by the leakage of the master account password or AccessKey, it is forbidden for employees to share the master account.</li> <li class="li">Assign independent user accounts (or operator accounts) to different employees with independentpermissions can ensure consistent rights and duties.</li> <li class="li">There is no need to account for the cost of each operator separately, and the expenses incurred are included in the bill of the master account.</li> </ul> </section> <section class="section" id="bestpractices0001__section_hh5_kfk_flb"><h2 class="doc-tairway">Procedure</h2> <ol class="ol" id="bestpractices0001__ol_qbn_nfk_flb"> <li class="li">Create a RAM sub-account.</li> <li class="li">Create a custom policy.</li> <li class="li">Grant different permission policies for different RAM sub-accounts.</li> </ol> </section>
Did the above content solve your problem? Yes No
Please complete information!

Call us

400-151-8800

Email us

cloud@pingan.com

Online customer service

Instant reply

Technical Support

cloud products