检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Table 5 users Parameter Type Description name String IAM username. links Object IAM user resource link information. domain_id String ID of the account used to create the IAM user. enabled Boolean Enabling status of the IAM user. true (default value) indicates that the user is enabled
Create a user group on the IAM console, and assign the DLI ReadOnlyAccess permission to the group. Create an IAM user. Create a user on the IAM console and add the user to the group created in 1. Log in and verify permissions.
Relationship Between IAM Identities and Operators Huawei Cloud IAM provides the following types of identities: IAM users, IAM agencies, cloud service agencies, IAM Identity Center users, and federated users.
All IAM Policies Are in Use Rule Details Table 1 Rule details Parameter Description Rule Name iam-policy-in-use Identifier iam-policy-in-use Description If an IAM policy has not been attached to any IAM users, user groups, or agencies, this policy is noncompliant.
All IAM Roles Are in Use Rule Details Table 1 Rule details Parameter Description Rule Name iam-role-in-use Identifier iam-role-in-use Description If an IAM role has not been attached to any IAM users, user groups, or agencies, this role is noncompliant.
Calling APIs Through IAM Authentication Token Authentication AK/SK Authentication
startIdentityCenter Grants permission to enable IAM Identity Center. write - - IdentityCenter:instance:deleteIdentityCenter Grants permission to disable IAM Identity Center. write - - IdentityCenter:instance:list Grants permission to query the IAM Identity Center instance list. list
For details about the condition keys defined by IAM Access Analyzer, see Conditions. The following table lists the actions that you can define in SCP statements for IAM Access Analyzer.
For details about the condition keys defined by IAM Identity Broker, see Conditions. The following table lists the actions that you can define in policy statements for IAM Identity Broker.
Granting an IAM User the Read Permissions on Specific Objects Scenario This topic describes how to grant an IAM user the read permissions on an object or a set of objects in an OBS bucket.
Granting an IAM User the Specified Permissions on Specified Objects Scenario This topic describes how to grant an IAM user the permissions required to download specific objects from a bucket.
Creating an IAM User and Granting Organizations Permissions This section describes how a management account creates an IAM user and grants organization administrator permissions to the user.
Parent topic: IAM Users
Logging In as an IAM User and Verifying Permissions Log in to the console using the IAM user you created and verify the permissions. Assume that an IAM user has only the OCR ReadOnlyAccess permission, that is, the read-only access permission.
Creating a User Group and an IAM User Creating a User Group Log in to the IAM console using a master account. On the IAM console, choose User Groups from the navigation pane, and click Create User Group in the upper right corner. In the displayed page, enter a user group name.
Security Auditing on Permissions of IAM Users Scenario Enterprise users usually need to periodically audit the permissions of IAM users created in the public cloud, ensuring that IAM users only have the permissions required to complete certain tasks.
Synchronizing IAM Users to MRS IAM user synchronization is to synchronize IAM users bound with MRS policies to the MRS system and create accounts with the same usernames but different passwords as the IAM users.
What Are the Differences in Access Control Between IAM and Organizations? They grant permissions to different entities. IAM policies define permissions for IAM users, IAM user groups, and IAM agencies in an account.
Parent topic: Interconnecting an MRS Cluster with OBS Using an IAM Agency
Granting Permissions to IAM Users Creating Users and Assigning DLV Permissions Parent topic: Preparatory Work
