Fine-grained Access Control Over Resources
After registration, the system will automatically create an account for you. This account has full control over its owned resources and can access all cloud services in the system.
When you create various resources—such as the Elastic Cloud Server (ECS), Elastic Volume Service (EVS), and Dedicated Physical Server (DPS)—your team or applications may need access to these resources. To facilitate this, you can create IAM users for employees or applications, granting them only the permissions necessary to perform their tasks. Newly created IAM users can log in to the cloud service platform using their own unique username and password. The purpose of IAM users is to enable multi-user collaboration under a single account without the need to share the account password.
Cross-account Resource Operations and Authorization
If you create multiple resources and want one of them to be managed by another account, you can use the delegation feature provided by IAM.
For example, if you wish to delegate resource O&M to a professional third-party O&M company, IAM's delegation feature allows the company to use its own account to operate the resources you've delegated. Should the delegation relationship change, you can modify or revoke the maintenance company's authorization at any time.
In the diagram below:
l Account A represents the delegating party
l Account B represents the delegated party
