Enterprise Project Permissions
Administrator: The administrator can perform any operations on the Enterprise Project Management page.
IAM user: An IAM user's permissions are granted by the administrator. After logging in to the Enterprise Project Management page, an IAM user sees only the enterprise projects assigned by the administrator and can manage only the resources allocated by the administrator. If the administrator assigns a policy to an IAM user, the IAM user has all the permissions included in the policy.
The administrator can grant permissions specified in the default policies or custom policies to users. Policies related to enterprise projects include EPS FullAccess, EPS ReadOnlyAccess and Enterprise Project BSS FullAccess. You can configure enterprise project permissions for users in IAM. For details, see the Identity and Access Management User Guide.
The enterprise project permission management feature has been integrated into IAM. You can grant enterprise project permissions to users and user groups on the IAM console. For details, see Assigning Permissions to an IAM User and Creating a User Group and Assigning Permissions.

Service Name | Permission Name | Permission Description | Typically Associated Personnel |
---|---|---|---|
Enterprise Management | EPS FullAccess | | Enterprise asset administrators |
 | EPS ReadOnlyAccess | Read-only permissions for a specific or all enterprise projects | Enterprise asset query personnel |
 | Enterprise Project BSS FullAccess | Permissions for operations management of enterprise projects. The detailed permissions are as follows: NOTE: The order payment permissions of yearly/monthly products are at the account level, and the Enterprise Project BSS FullAccess permissions are specific to IAM users. Therefore, the Enterprise Project BSS FullAccess permissions do not include the order payment permissions of yearly/monthly products. | Enterprise asset administrators |

Operation | EPS FullAccess | EPS ReadOnlyAccess | Enterprise Project BSS FullAccess |
---|---|---|---|
Viewing resources in an enterprise project | √ | √ | × |
Creating an enterprise project | √ | × | × |
Modifying an enterprise project | √ | × | × |
Enabling an enterprise project | √ | × | × |
Disabling an enterprise project | √ | × | × |
Adding a resource to an enterprise project | √ | × | × |
Removing a resource from an enterprise project | √ | × | × |
Viewing fund quota settings of an enterprise project | × | × | √ |
Viewing fund quota adjustment records of an enterprise project | × | × | √ |
Viewing renewal details of an enterprise project | × | × | √ |
Enabling or disabling auto-renewal and manual renewal for a resource, changing billing mode from pay-per-use to yearly/monthly for a resource, and releasing a resource | × | × | √ |
Viewing a yearly/monthly order | × | × | √ |
Placing a yearly/monthly order | × | × | √ |
Unsubscribing from resources and viewing unsubscription records | × | × | √ |
Viewing the expenditure summary of an enterprise project | × | × | √ |
Exporting the expenditure summary of an enterprise project | × | × | √ |
Viewing expenditure details of an enterprise project | × | × | √ |
Exporting expenditure details of an enterprise project | × | × | √ |
Viewing the cost breakdown information of an enterprise project | × | × | √ |
Exporting the cost breakdown information of an enterprise project | × | × | √ |

- EPS FullAccess: This policy grants all EPS permissions. The following is the policy content:
```
{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "eps:enterpriseProjects:update",   //Modify an enterprise project.
                "eps:enterpriseProjects:create",   //Create an enterprise project.
                "eps:enterpriseProjects:enable",   //Enable an enterprise project.
                "eps:enterpriseProjects:disable",  //Disable an enterprise project.
                "eps:resources:list",              //Query resources in an enterprise project.
                "eps:resources:add",               //Add a resource to an enterprise project.
                "eps:resources:remove",            //Remove a resource from an enterprise project.
                "iam:groups:list",
                "iam:policies:list",
                "iam:enterpriseProjectGroups:combine",
                "iam:enterpriseProjectGroups:listGroups",
                "iam:enterpriseProjectGroups:listPolicies"
            ],
            "Effect": "Allow"
        }
    ]
}
```
- EPS ReadOnlyAccess: This policy grants the permissions to view basic information. The following is the policy content:
```
{
    "Version": "1.1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "eps:resources:list",
                "iam:enterpriseProjectGroups:listGroups",
                "iam:enterpriseProjectGroups:listPolicies"
            ]
        }
    ]
}
```
- Enterprise Project BSS FullAccess: This policy grants all the operations permissions of an enterprise project. The following is the policy content:
```
{
    "Version": "1.1",
    "Statement": [
        {
            "Action": [
                "bss:enterpriseProjectFundQuota:view",         //View fund quota settings of an enterprise project.
                "bss:enterpriseProjectFundQuotaFinance:view",  //View fund quota adjustment records of an enterprise project.
                "bss:renewal:view",                            //View renewal details of an enterprise project.
                "bss:renewal:update",                          //Enable or disable auto-renewal and manual renewal for a resource, change billing mode from pay-per-use to yearly/monthly for a resource, and release a resource.
                "bss:order:view",                              //View a yearly/monthly order.
                "bss:order:update",                            //Place a yearly/monthly order.
                "bss:unsubscribe:update",                      //Unsubscribe from resources and view unsubscription records.
                "bss:bill:view",                               //View the expenditure summary of an enterprise project.
                "bss:bill:update",                             //Export the expenditure summary of an enterprise project.
                "bss:billDetail:view",                         //View expenditure details of an enterprise project.
                "bss:billDetail:update",                       //Export expenditure details of an enterprise project.
                "bss:consumption:view",                        //View the expenditure breakdown information of an enterprise project.
                "bss:consumption:update"                       //Export the expenditure breakdown information of an enterprise project.
            ],
            "Effect": "Allow"
        }
    ]
}
```
For an IAM user that has used an enterprise project, the permissions may change (the default enterprise project cannot be viewed, resources cannot be viewed, or resources cannot be added to or removed from an enterprise project). Configure policies based on the required permissions. For details, see Procedure.
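The following access-review sketch is an added example, not part of the original documentation: it parses policy text written in the annotated style shown above (JSON with `//` comments), computes the effective action set for a user who holds several policies, and lists the actions that are not plain list/view operations. The helper names are hypothetical, only exact action names are matched (no wildcards), and the rule that an explicit `Deny` overrides `Allow` is an assumption, since the policies on this page contain only `Allow` statements.

```python
import json
import re

# Matches a JSON string (group 1, kept) or a //-comment (dropped), so "//"
# inside a string value is never mistaken for a comment.
_TOKEN = re.compile(r'("(?:\\.|[^"\\])*")|//[^\n]*')

def load_policy(text):
    """Parse a policy written in this page's annotated style into a dict."""
    return json.loads(_TOKEN.sub(lambda m: m.group(1) or "", text))

def effective_actions(policies):
    """Union of allowed actions; an explicit Deny overrides Allow (assumption)."""
    allow, deny = set(), set()
    for policy in policies:
        for stmt in policy["Statement"]:
            (allow if stmt["Effect"] == "Allow" else deny).update(stmt["Action"])
    return allow - deny

def write_capable(actions):
    """Actions whose final segment is not a list*/view verb."""
    return sorted(a for a in actions
                  if not a.rsplit(":", 1)[1].startswith(("list", "view")))

# Action names taken from this page: EPS ReadOnlyAccess in full, and four
# actions of Enterprise Project BSS FullAccess (shortened, comments abridged).
EPS_READONLY = """
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [
    "eps:resources:list",
    "iam:enterpriseProjectGroups:listGroups",
    "iam:enterpriseProjectGroups:listPolicies" ] } ] }
"""
BSS_SUBSET = """
{ "Version": "1.1", "Statement": [ { "Action": [
    "bss:enterpriseProjectFundQuota:view", //View fund quota settings.
    "bss:renewal:view",                    //View renewal details.
    "bss:renewal:update",                  //Change renewal or billing mode, release a resource.
    "bss:order:update"                     //Place a yearly/monthly order.
  ], "Effect": "Allow" } ] }
"""

def review(texts):
    """Return (effective actions, write-capable subset) for a user's policies."""
    actions = effective_actions(load_policy(t) for t in texts)
    return sorted(actions), write_capable(actions)

if __name__ == "__main__":
    granted, risky = review([EPS_READONLY, BSS_SUBSET])
    print(len(granted), "actions granted; write-capable:", risky)
```

The verb heuristic also reports the export actions (`bss:bill:update` and similar), which the policy comments describe as exports rather than changes.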