This page describes master accounts, sub-accounts, and CTIAM access control for the DDS product.
Scenario
The DDS product is integrated with the CTIAM permission system, which controls which resources users can access and operate on, both through console functions and through OpenAPI.
Constraints
At present, the "Enterprise Project" selected when an instance is ordered cannot be changed after the instance is activated.
Feature Overview
Master user: This is the account automatically created upon registration on eSurfing Cloud. The user has full access to the resources under the account, and can reset the user password as well as grant user permissions. If multiple people want to use the same eSurfing Cloud resources, it is recommended that you use sub-users for daily management to ensure account security.
Sub-user: This is the account created in the User Center with IAM permissions granted. The username and password of a sub-user are controlled by the user that grants IAM permissions. Sub-users can also log in to the eSurfing Cloud console, using the same login portal as the master user. However, the resources they can access are limited to the permissions granted to them.
Policy: A language for describing a set of permissions. It precisely describes the authorized resources and operations. With policies, users can flexibly combine the permission sets that need to be granted. Granting a policy to a user group gives the users in that group the permissions defined in the policy.
Permissions: Permissions belong to products and describe specific operations on resources as triplets. For example, "ds.instance.restart" belongs to the DDS product and is the permission to restart an instance. You can configure the permissions of a user group in Policy Management.
System Policy: Common permission sets preset in the system and maintained by the product team, mainly administrator permissions, normal user permissions, and read-only user permissions for multiple cloud services. System policies can only be used for authorization in the IAM console and cannot be edited or modified.
Custom Policy: Permission sets that are created and managed by users in the IAM console. These permissions are an extension and supplement to system policies.
Enterprise Project: The foundation for implementing fine-grained permission control over an enterprise organization. Cloud resources and enterprise members are managed by enterprise projects. Authorized user groups are bound to cloud resources through enterprise projects, and a user's permissions on the cloud resources in an enterprise project are determined by the permissions of the user's groups. You can select the enterprise project to which a DDS instance belongs on the instance order page.
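The relationships described above (sub-user, user group, policy, enterprise project, instance) can be modeled as a small entitlement check, shown here as an added example that is not CTIAM's API or policy syntax. All names and data are constructed for illustration except the "ds.instance.restart" permission, which comes from this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    group: str    # user group receiving the policy
    project: str  # enterprise project the authorization is scoped to
    policy: str   # policy name (a set of permissions)

# Constructed sample data; only "ds.instance.restart" appears on this page.
MASTER_USER = "master"
POLICIES = {
    "dds-operator": {"ds.instance.restart", "example.view"},  # "example.view" is hypothetical
    "dds-readonly": {"example.view"},
}
GROUP_MEMBERS = {"dba": {"alice"}, "audit": {"alice", "bob"}}
GRANTS = [
    Grant("dba", "prod", "dds-operator"),
    Grant("audit", "prod", "dds-readonly"),
    Grant("audit", "dev", "dds-operator"),
]
# Each instance belongs to exactly one enterprise project, fixed after activation.
INSTANCE_PROJECT = {"dds-001": "prod", "dds-002": "dev"}

def is_allowed(user: str, action: str, instance: str) -> bool:
    """True if the user may perform the action on the instance."""
    if user == MASTER_USER:
        return True  # the master user has full access to the account's resources
    project = INSTANCE_PROJECT.get(instance)
    if project is None:
        return False  # unknown instance: deny by default
    return any(
        g.project == project
        and user in GROUP_MEMBERS.get(g.group, set())
        and action in POLICIES.get(g.policy, set())
        for g in GRANTS
    )

def who_can(action: str, instance: str) -> list[str]:
    """Entitlement review: sub-users holding the action on the instance."""
    users = set().union(*GROUP_MEMBERS.values())
    return sorted(u for u in users if is_allowed(u, action, instance))

if __name__ == "__main__":
    for inst in INSTANCE_PROJECT:
        print(inst, who_can("ds.instance.restart", inst))
```

Running the review per instance shows that a sub-user's membership in a read-only group on one enterprise project does not prevent the same group from holding operator rights on another, which is the kind of overlap an access review should surface.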
Procedure
Select My at the top right corner of the home page of the eSurfing Cloud official website, and click Personal Center to go to the personal center screen.
In the left navigation pane, click Master and Sub-accounts and Authorization Management to go to the master and sub-accounts management page.
The navigation pane on the left contains User Groups, Sub-users, Policy Management, and Enterprise Projects. You can grant permissions on resources as needed.
On the DDS management console, you can use the Enterprise Project drop-down list at the top of the page to choose which enterprise project's instances are displayed.
The buttons available in the DDS management console are controlled by the user group permissions configured in Policy Management.