检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating a User and Granting BCS Permissions This section describes how to use IAM to implement fine-grained permissions control for your BCS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that only contain actions for IAM projects can be used and applied to IAM only.
For example, to obtain an IAM token in the CN North-Beijing1 region, obtain the endpoint of IAM (iam.cn-north-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token through password authentication.
With IAM, you can use your Huawei Cloud account to create IAM users, and assign permissions to the users to control their access to specific resources.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. IAM user A user is created in IAM to use cloud services. Each user has its own identity credentials (password and access keys).
Obtain the Security Administrator permission on the IAM console before granting BCS permissions. For details, see Creating a User Group and Assigning Permissions. Parent topic: Permissions Management
Check item 2: Check whether the permissions of the IAM user are insufficient. If the instance is purchased by using an IAM user, obtain permissions by following instructions in Permissions Management. Check item 3: Check the details error information. Log in to the BCS console.
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.
You can obtain the token by calling the IAM API used to obtain a user token. Table 3 Request body parameters Parameter Mandatory Type Description org_names Yes Array of strings Organization name list.
You can obtain the token by calling the IAM API used to obtain a user token. Response Parameters Status code: 200 Table 3 Response body parameters Parameter Type Description operation_id String Request result.
You can obtain the token by calling the IAM API used to obtain a user token. Table 3 Request body parameters Parameter Mandatory Type Description org_name Yes String Organization name. You can enter only one organization name. peers Yes Integer Number of peers to be removed.
After you set any action, the permissions for the action will be granted to the IAM user.
Table 4 InvitationDetail Parameter Mandatory Type Description invited_user Yes String IAM user name of the invitee. status No String Invitation status. The options are as follows: quit, waiting, reject, and released. Invitation in other states cannot be deleted.
You can obtain the token by calling the IAM API used to obtain a user token. Table 3 Request body parameters Parameter Mandatory Type Description type Yes String Entity type. Options: org (peer organization) plugin (add-on) Default value: org. entity_name No String Entity name.
You can obtain the token by calling the IAM API used to obtain a user token. Table 3 Request body parameters Parameter Mandatory Type Description metric_names No Array of strings Metrics.
You can obtain the token by calling the IAM API used to obtain a user token. Table 3 Request body parameters Parameter Mandatory Type Description time_range No String Value range of metrics. metric_names No Array of strings Metrics.
You can obtain the token by calling the IAM API used to obtain a user token. Table 3 Request body parameters Parameter Mandatory Type Description metric_names No Array of strings Metrics.
You can obtain the token by calling the IAM API used to obtain a user token. Table 3 Request body parameters Parameter Mandatory Type Description type Yes String Entity type.
Table 1 Actions and system permissions of enhanced Hyperledger Fabric blockchains Item API Action IAM (Project) Enterprise (Enterprise Project) Querying Quotas GET /v2/{project_id}/quotas bcs:fabricInstance:listQuota √ √ Querying Flavors GET /v2/{project_id}/blockchains/flavors bcs
Prerequisites Only IAM users with robust permissions can subscribe to BCS instances. For details, see Permissions Management. You can create a user group, grant permissions to the user group, and then add the user to the user group.
