检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
(Optional) Create IAM users and set permissions. Create IAM users for employees based on the organizational structure of your enterprise, and grant different access permissions to them. (Mandatory) Purchase a cloud host.
Using IAM to Grant Access to AOM Creating a User and Granting Permissions Creating a Custom Policy
Enhancing Permissions Management and Improving Access Control To assign different permissions to employees in your enterprise to access AOM resources, IAM is a good choice for fine-grained permissions management.
For the API for creating an IAM user, the following message body is returned. The following describes part of the response body. { "user": { "id": "c131886aec...
IAM can be used free of charge. You pay only for the resources in your account. For more information, see IAM Service Overview. AOM Permissions By default, new IAM users do not have any permissions assigned.
Access Control If you need to assign different permissions to employees in your enterprise to access your AOM resources, IAM is a good choice for fine-grained permissions management. IAM provides identity authentication, fine-grained permissions management, and access control.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. IAM User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Introduction You can use Identity and Access Management (IAM) for fine-grained permissions management of your AOM. If your HUAWEI ID does not need individual IAM users, you can skip this topic. With IAM, you can control access to specific Huawei Cloud resources.
Access Control If you need to assign different permissions to employees in your enterprise to access your AOM resources, IAM is a good choice for fine-grained permissions management.
Solution Contact the administrator (account to which the IAM user belongs) to add the SMN access permission. To add the permission, do as follows: Log in to IAM as the administrator, and add the SMN access permission to the IAM user.
Prerequisites You have been granted AOMFullAccessPolicy, iam:agencies:createAgency, and iam:agencies:deleteAgency permissions. For details about how to grant permissions, see Creating a User Group and Assigning Permissions.
Replace the italic fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: name of the IAM user to be created. email: email address of the IAM user. **********: password of the IAM user.
"cce:cluster:get", "cce:cluster:list", "cce:node:get", "cce:node:list" ] } ] } Parent topic: Using IAM
Create a user group on the IAM console, and assign the AOM ReadOnlyAccess policy to the group. Create an IAM user. Create a user on the IAM console and add the user to the group created in 1. Log in and verify permissions.
Parent topic: Using IAM to Grant Access to AOM
Creating a User and Granting Permissions This section describes the fine-grained permissions management provided by IAM for your Automation. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Log APIs √: supported; x: not supported Table 1 Log APIs Permission API Action IAM Project Enterprise Project Querying logs POST /v1/{project_id}/als/action aom:log:list √ × Parent topic: Actions Supported by Policy-based Authorization
Solution Log in to the IAM console as an administrator. On the Users page, locate the target username and click Authorize in the Operation column. Select the RBAC authorization model and click Next.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview. AOM Permissions By default, new IAM users do not have any permissions assigned.
