Last updated：2021-10-29 17:57:41
Enterprise A has purchased multiple Kingsoft Cloud resources to deploy a project on Kingsoft Cloud. Employees or applications of Enterprise A need to use the resources. They have different responsibilities and therefore require different permissions. To reduce information security risks, Administrator A does not want to share the password or AccessKey of the Kingsoft Cloud account to all the employees, which is equivalent to granting all permissions to the employees. Enterprise A has the following requirements:
With the user management feature of IAM, Enterprise A can create IAM users for the employees or applications, and attach the minimum system policies necessary for the work to the IAM users. An IAM user can access Kingsoft Cloud resources in one of the following ways:
Enterprise A has deployed multiple projects on Kingsoft Cloud, and multiple resources are used for each project. Enterprise A has only one Kingsoft Cloud account, which contains hundreds of instances. Enterprise A intends to enable each project administrator to separately manage project members and their access permissions.
With the access control and project management features of IAM, Enterprise A can perform the following operations:
Create multiple projects for the applications and add resources to the corresponding projects.
Create IAM users and add them to the corresponding projects.
Attach the system policies necessary for the work to the IAM users so that the IAM users can manage only the resources of the projects they have joined.
Enterprise A has purchased multiple Kingsoft Cloud resources for its business, such as KEC instances, Kingsoft Cloud Relational Database Service (KRDS) instances, Server Load Balancing (SLB) instances, and Kingsoft Cloud Standard Storage Service (KS3) buckets. Enterprise A intends to grant some business permissions to Enterprise B. Enterprise A has the following requirements:
With the role management feature of IAM, Enterprise A can create an IAM role for the Kingsoft Cloud account of Enterprise B to access the Kingsoft Cloud console.