检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating a User and Granting Permissions Use IAM to implement fine-grained permissions control over your BMSs. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
Identity Authentication and Access Control Identity and Access Management (IAM) provides functions such as user identity authentication, permission assignment, and access control. You can use IAM to securely control user access to your BMSs.
IAM provides identity authentication, permissions management, and access control, helping you to securely access your Huawei Cloud resources. With IAM, you can create IAM users and assign permissions to control their access to specific resources.
IAM project/Enterprise project: A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
Create an IAM User If you want to allow multiple users to manage your resources without sharing your password or private key, you can create users using IAM and grant permissions to the users.
The following is part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
name "password": "********", // IAM user password "domain": { "name": "domainname" // Name of the account to which the IAM user belongs } } } }, "scope
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Tenant Quota Management Permissions APIs Actions IAM Project Enterprise Project Querying the Tenant Quota GET /v1/{project_id}/baremetalservers/limits bms:serverQuotas:get √ x Parent topic: Permissions and Supported Actions
Flavor Query Permissions API Action IAM Project Enterprise Project Querying Details About Flavors and Extended Flavor Information GET /v1/{project_id}/baremetalservers/flavors bms:serverFlavors:get √ √ Parent topic: Permissions and Supported Actions
Metadata Management Permissions APIs Actions IAM Project Enterprise Project Updating the Metadata of a BMS POST /v1/{project_id}/baremetalservers/{server_id}/metadata bms:servers:updateMetadata √ √ Parent topic: Permissions and Supported Actions
NIC Management Permissions API Action IAM Project Enterprise Project Querying Information About BMS NICs GET /v1/{project_id}/baremetalservers/{server_id}/os-interface bms:servers:get √ √ Parent topic: Permissions and Supported Actions
Lifecycle Management Permissions API Action IAM Project Enterprise Project Creating a BMS POST /v1/project_id}/baremetalservers bms:servers:create √ √ Querying Details About BMSs GET /v1/{project_id}/baremetalservers/detail bms:servers:list √ √ Querying Details About a BMS GET /v1
Disk Management Permissions API Action Dependent Actions IAM Project Enterprise Project Detaching a Disk from a BMS DELETE /v1/{project_id}/baremetalservers/{server_id}/detachvolume/{attachment_id} bms:servers:detachVolume - √ √ Attaching a Disk to a BMS POST /v1/{project_id}/baremetalservers
Password Management Permissions API Action IAM Project Enterprise Project Querying Whether a BMS Supports Password Reset GET /v1/{project_id}/baremetalservers/{server_id}/os-resetpwd-flag bms:servers:get √ √ Resetting the BMS password PUT /v1/{project_id}/baremetalservers/{server_id
Status Management Permissions API Action IAM Project Enterprise Project Change the Name of a BMS PUT /v1/{project_id}/baremetalservers/{server_id} bms:servers:put √ √ Reinstalling the BMS OS POST /v1/{project_id}/baremetalservers/{server_id}/reinstallos bms:servers:reInstallOS √ √
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
Modified description of permissions in Introduction because of the optimization of the IAM management console. 2019-11-12 This issue is the fifth official release.
To obtain temporary AK/SK on a BMS, you need to create an agency for BMS on IAM and assign required resource permissions to BMS. For details, see Identity and Access Management User Guide.
