检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating a User and Assigning OMS Permissions This chapter describes how to use IAM for fine-grained permissions control for your OMS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
If your Huawei Cloud account does not need individual IAM users for permissions management, you can skip this section. For more information about IAM, see IAM Service Overview. OMS Permissions By default, new IAM users do not have any permissions.
The following shows part of the response body for the API to create an IAM user.
Available in all regions SDK Overview Permissions Management OMS allows you to use IAM to implement fine-grained permissions control on your OMS resources. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
To ensure account security, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
If you select Programmatic Access for Access Mode, an AK/SK pair will be automatically generated for the IAM user. Assign permissions to the IAM user. Locate the subuser and click Add Permissions in the Actions column.
Access Control You can use Identity and Access Management (IAM) to securely control access to your OMS resources. For more information, see Creating a User and Assigning OMS Permissions. Parent topic: Security
API Constraints When you call OMS APIs, an IAM token is required for authentication.
Choose IAM & Admin > Service Accounts. On the Service accounts page, click CREATE SERVICE ACCOUNT. Enter the basic information about the account, such as the name and description. Choose Quick access > Basic > Viewer to assign the basic Viewer role to the service account.
destination_ak Destination SK: destination_sk Source bucket name: source_bucket Destination bucket name: destination_bucket Source type: cloud_type Procedure Obtain the token of the IAM user.
Minimum length: 0 characters Maximum length: 255 characters Request Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String The token used for IAM authentication.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
Resource Type Description Migration task Task Migration task resource Migration task group TaskGroup Migration task group resource Synchronization task SyncTask Synchronization task resource Evaluation task ObjectAssessTask Evaluation task resource All All All OMS resources in an IAM
Minimum length: 1 character Maximum length: 1,024 characters Request Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String The token used for IAM authentication.
On the top navigation bar, click the username and choose IAM > User Management. Click Invite Sub Account. Specify Access Mode, Email and Username, and click OK. If you select API for Access Mode, an AK/SK pair will be automatically generated.
On the Console Home page, select the IAM service. In the navigation pane, choose Users. In the upper right corner, click Create user. On the Specify user details page, under User details, in User name, enter the name for the new user. Click Next.
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.
Minimum length: 1 character Maximum length: 1,024 characters Request Table 2 Request header parameter Parameter Mandatory Type Description X-Auth-Token Yes String The token used for IAM authentication.
Minimum length: 1 character Maximum length: 1,024 characters Request Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String The IAM token authentication.
