This topic describes how to group services and authorize different roles to manage
services in different groups by using the tagging feature.
Sample scenario
You have created 10 services in the Function Compute console. You want to authorize
the dev team to manage five services and the ops team to manage the other five services.
The dev and ops teams can view only the services that they are authorized to manage.
You can the tagging feature to add teams to different groups and grant different permissions
to different groups. In this scenario, you can attach the team:dev tag to five services
and the team:ops tag to the other five services.
Procedure
- Attach the team:dev tag to the five services that you will authorize the dev team
to manage, and attach the team:ops tag to the five services that you will authorize
the ops team to manage. For more information, see Create tags.
- Create a RAM user.
- Create a RAM user group.
Create two user groups named dev and ops.
- Add a RAM user to a RAM user group.
Create RAM users and add them to the corresponding user groups.
- Grant different permissions to these two user groups.
Function Compute supports system policies and custom policies. You can select a proper
policy based on actual needs.
After authorization is completed, the RAM users in the dev user group can manage only
the services tagged with team:dev and the RAM users in the ops user group can manage
only the services tagged with team:ops.