Fine-grained Access Control to Resources
You can use Identity and Access Management (IAM) to implement fine-grained permission control over your Redis services. Creating IAM users avoids sharing the account password when multiple users work together under the same account.
After you register, the system automatically creates an account, which has full control over the resources it owns and can access all cloud services in the system. If your team or application needs to use your Redis resources, you can create an IAM user for an employee or application and grant the IAM user just the permissions required to complete the work. A newly created IAM user can use their own username and password to log in to the cloud service platform.
Before You Begin
Before implementing IAM-based permission management and control, learn about policy management for Redis, including the system policies supported by Redis and the resource granularity at which the policies grant authorization.
Authorization Process
The navigation pane on the left contains User Groups, Sub-users, Policy Management, and Enterprise Projects. The user can grant permissions to the resources based on their needs.
Process of granting Redis permissions: Create an IAM user -> Create a user group and grant Redis resource permissions -> Authorize the IAM user. The detailed steps are as follows:
Use the user management function in the eSurfing Cloud network portal to create IAM sub-users for employees or applications.
Step 1 The enterprise's eSurfing Cloud administrator uses a registered eSurfing Cloud account to log in to the eSurfing Cloud portal.
Step 2 Move the mouse to the user avatar in the upper right corner of the eSurfing Cloud homepage, and click Personal Center in the drop-down list.
Step 3 In the left menu of the Personal Center, click Master Account, Sub-Account and Authorization Management.
Step 4 On the page, click Sub-users in the navigation pane on the left.
Step 5 In the Sub-user management interface, click Create Sub-user.
Step 6 In the pop-up dialog box, enter the sub-user information.
Step 7 Click OK to create an IAM user and return to the list of sub-users, which will display the newly created IAM user.
Create a user group and grant Redis resource permissions
(1) Creating a User Group
Step 1 Use the registered eSurfing Cloud account to log in to the eSurfing Cloud portal.
Step 2 Move the mouse to the user avatar in the upper right corner of the eSurfing Cloud homepage, and click Personal Center in the drop-down list.
Step 3 In the left menu of the Personal Center, click Master Account, Sub-Account and Authorization Management.
Step 4 On the page, click User Groups in the navigation pane on the left.
Step 5 In the User Groups management interface, click Create User Group.
Step 6 Enter a User Group Name and Description, and then click OK.
Return to the user group list page, where the newly created user group will be displayed.
(2) Authorizing a User Group
Step 1 The enterprise administrator uses the registered eSurfing Cloud account to log in to the eSurfing Cloud portal.
Step 2 Click Console at the top of the homepage, click the Management and Deployment category on the console page, and click Identity and Access Management Services.
Step 3 On the page, click User Groups on the left menu and click Authorize on the right side of the user group to be added.
Step 4 On the policy selection page, check the permissions that you want to grant to the user group. Click Next.
If the system policies do not meet your authorization requirements, you can click Create Policy in the upper right corner of the permission list to create a custom policy and check the newly created policy to perform fine-grained permission control. Custom policies are an extension and supplement to system policies. For details, please see Creating a Redis Custom Policy.
Granting Permissions to an IAM User
Step 1 The administrator uses the registered eSurfing Cloud account to log in to the eSurfing Cloud portal.
Step 2 Move the mouse to the user avatar in the upper right corner of the eSurfing Cloud homepage, and click Personal Center in the drop-down list.
Step 3 In the left menu of the Personal Center, click Master Account, Sub-Account and Authorization Management.
Step 4 On the page, click User Groups in the navigation pane on the left.
Step 5 Find the user group to be added and click User Management on the right side.
Step 6 Select the IAM sub-user and click Confirm to add the IAM user to the user group. After joining the user group, the IAM user has all the permissions of the user group to which it belongs.