Creating a User and Granting Permissions This chapter describes how to use IAM for fine-grained permissions control for your APM resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Creating a User and Granting Permissions This section describes the fine-grained permissions management provided by Identity and Access Management (IAM) for your APM. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
For example, to obtain an IAM token in the AP-Singapore region, obtain the endpoint of IAM (apm2.ap-southeast-3.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
IAM and enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
With IAM, you can use your cloud account to create IAM users for your employees, and assign permissions to the users to control their access to specific resources.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview. APM Permissions By default, new IAM users do not have any permissions assigned.
After creating an IAM user group for an employee using your cloud account, you can create an enterprise project on the Enterprise Management console and grant permissions to the user group in the enterprise project, realizing personnel authorization and permissions control.
Procedure Send POST https://Endpoint of IAM/v3/auth/tokens to obtain the endpoint of Identity and Access Management (IAM) and the region name in the message body. For details, see Endpoint of IAM.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created using an account to use cloud services. Each IAM user has their own identity credentials (password and access keys).
Create an agency on the IAM console and grant permissions to the agency as required.
The endpoints of IAM and APM have been obtained. In this example, the endpoint of IAM is iam_Endpoint, and the endpoint of APM is apm_Endpoint. Obtain the token for authentication. Enter POST https://IAM endpoint/v3/auth/tokens. In this example, IAM endpoint is iam_Endpoint.
The IAM verification fails. 200 apm2.01010004 has no privilege No permission. Ensure that you have required permission. 200 apm2.01010005 invalid parameter Invalid parameter. Invalid input parameters. Ensure that each parameter is valid.
Actions
√: supported; x: not supported
Table 1 API actions
Permissions | API | Action | IAM Project | Enterprise Project
Querying the application list | GET /v1/{project_id}/atps/monitorgroups | apm:inventory:get | √ | √
Querying the service list | GET /v1/{project_id}/ats/applications | apm:ats:get
The API for obtaining a project ID is GET https://{Endpoint}/v3/projects/, where {Endpoint} indicates the IAM endpoint. For details, see Regions and Endpoints.
The API is GET https://{Endpoint}/v3/projects/, where {Endpoint} indicates the Identity and Access Management (IAM) endpoint. For details, see Regions and Endpoints.
The application not associated with any enterprise project is managed based on the Identity and Access Management (IAM) permissions. Sub-application (global concept): similar to a folder. There can be up to three layers of sub-applications under an application.
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.
Connected Deployment applications to APM. 2019-04-18 Obtained an Access Key ID/Secret Access Key (AK/SK) by creating an Identity and Access Management (IAM) agency. 2019-03-15 Supported customization of threshold rules and statistics for JVM monitoring. 2019-03-06 Optimized service
Figure 1 APM architecture Access APM: You can access APM by creating an Identity and Access Management (IAM) agency and implementing Access Key ID/Secret Access Key (AK/SK) authentication.