Policies that contain actions supported by both IAM and enterprise projects can take effect for user groups of both IAM and Enterprise Management. Policies that contain actions only supported by IAM projects can only take effect for IAM user groups.
"password": "********", //IAM user password "domain": { "name": "domainname" //Name of the account to which the IAM user belongs } } } }, "scope": {
Learning About RBAC This section describes how to use IAM to implement fine-grained permissions control for your COC resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
To-do Center Overview Main function of To-do Center: You can use a HUAWEI ID (primary SRE of the tenant) to create tasks for IAM users (sub-SREs of the tenant). For example, a company can create IAM accounts for different departments. Adding a To-do Ticket Log in to COC.
Listing IAM users iam:users:listUsersV5 Used to synchronize personnel information during personnel management. Obtaining Information about an IAM user iam:users:getUserV5 Used to synchronize personnel information during personnel management.
Solutions Log in to the IAM console as an administrator. In the user list, click Authorize in the row that contains the target user. Figure 1 Authorizing an IAM user Set Authorization Model to RBAC.
The basic user data on the O&M Engineer Management page is synchronized from Identity and Access Management (IAM) and is used by multiple basic functional modules in creating to-do tasks, performing scheduled O&M, managing notifications, managing incidents, and more.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
The basic user data in the O&M Engineer Management page is synchronized from IAM and is used by multiple basic functional modules, such as to-do task creation, scheduled O&M, notification management, and incident center.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
username) Minimum length: 1 character Maximum length: 64 characters reviewer_id String Reviewer ID (IAM user ID) Minimum length: 0 characters Maximum length: 32 characters Request Example None Response Example None Status Code Status Code Description 200 Details About a Custom Script
username) Minimum length: 1 character Maximum length: 64 characters reviewer_id Yes String Reviewer ID (IAM user ID) Minimum length: 0 characters Maximum length: 32 characters Table 4 ScriptParamDefine Parameter Mandatory or Not Type Description param_name Yes String The parameter
The API used to obtain a project ID is GET https://{Endpoint}/v3/projects, where {Endpoint} indicates the IAM endpoint. You can obtain the IAM endpoint from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
IAM provides identity authentication, permissions management, and access control, helping you to securely access your Huawei Cloud resources. If your HUAWEI ID does not require IAM for permissions management, you can skip this section. IAM can be used on Huawei Cloud for free.
Solutions Log in to the IAM console as an administrator. Choose Permissions > Policies/Roles and click Create Custom Policy. Figure 1 Creating a custom policy Set the policy content, select CloudOpsCenter, and select the operations you want to authorize by enterprise project.
Figure 4 Execution Type Select IAM Agency. The IAM agency is used to switch the user role during the runbook execution and execute the job. Figure 5 Selecting the IAM agency If you select Cross Account, you need to set the execution rule.
IAM Agency ServiceLinkedAgencyForCOC Scope of permissions that can be used by COC to execute jobs. Set the execution content.
username) Minimum length: 1 character Maximum length: 64 characters reviewer_id String Reviewer ID (IAM user ID) Minimum length: 0 characters Maximum length: 32 characters Status code: 400 Table 6 Response body parameters Parameter Type Description error_code String Error code Minimum
username) Minimum length: 1 character Maximum length: 64 characters reviewer_id Yes String Reviewer ID (IAM user ID) Minimum length: 0 characters Maximum length: 32 characters Table 5 ScriptParamDefine Parameter Mandatory or Not Type Description param_name Yes String The parameter
Access control You can use IAM to securely control access to your COC resources. For more information about IAM and COC permissions management, see Permissions Management. Parent topic: Security