Company A's teams are divided into the Admin Team, Development Team, and Test Team. Since the system has a default built-in Admin Team with full access to manage all account resources, Company A only needs to create the Development Team and Test Team in IAM.
Creating a User Group
Step 1: The administrator of Company A logs into the official eSurfing Cloud website using a registered account.
Step 2: Click the account name in the upper-right corner, then select Personal Center from the dropdown menu.
Step 3: In the left navigation pane of Personal Center, click IAM.
Step 4: In the left navigation pane of the IAM , click User Group.
Step 5: On the User Group management page, click Create User Group in the upper-right corner.
Step 6: Enter the User Group Name and Description, then click Confirm.
After returning to the User Group list page, the newly created user group will be displayed. Follow the same process to create both the Development Team and Test Team.
Granting Permissions to a User Group
Company A's development members require access to cloud services, including ECS, VPC, and EVS. The Development Team is granted administrator permissions for these services. The testing members need access to CES, so the Test Team should be granted corresponding permissions. Only after completing these authorizations can group members access these cloud services.
Step 1: The Company A administrator logs into the eSurfing Cloud official website using a registered account.
Step 2: Click the Console at the top of the homepage. Under the Management and Deployment category, select Unified ID Authentication.
Step 3: On the IAM console page, navigate to the left menu and click User Group. Locate the pre-created Development Team, then click Accredit on the right.
Step 4: On the User Group Permissions Management page, select the service permissions to be granted to the user group. In this example, add the three policy authorizations—ECS Admin, VPC Admin, and EVS Admin—to the Development Team, then click Next.
Step 5: Select the authorization scope as Designated resource pool, then choose the target region and project (i.e., the resource pool) to grant permissions. Click Confirm. Once configured, the Development Team will only have operational permissions in the authorized regions. Attempting to access other regions will result in a "No permissions" prompt.
Step 6: Click Certain to complete the permission assignment for the user group.
Following the method described in Steps 3 to 5, grant the CES Administrator permission to the Test Team.