Creating a User and Granting SCM Permissions This topic describes how to use IAM to implement fine-grained permissions control for your SCM resources. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Creating a User and Granting PCA Permissions to the User This topic describes how to use IAM to implement fine-grained permissions control for your PCA resources. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Identity Authentication and Access Control CCM works with Identity and Access Management (IAM). IAM permissions define which actions on your cloud resources are allowed and which actions are denied, to control access to your resources.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
If your Huawei Cloud account does not need individual IAM users for permissions management, you may skip over this topic. IAM is free. You pay only for the resources in your account. For more information about IAM, see What Is IAM.
IAM projects or enterprise projects: Scope of users a permission is granted to. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
For security purposes, create IAM users and grant them permissions for routine management. User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Identity and Access Management (IAM) IAM provides the permission management function for CCM. Only users who have PCA FullAccess and SCM FullAccess permissions can use CCM. To obtain the permissions, contact the users who have the Security Administrator permissions.
Your account and the IAM users created under your account share the quota of the 20 test certificates. For example, if an account has applied for 20 test certificates, no test certificate quota is available for this account or the IAM users it creates.
SSL Certificate Manager (SCM) Authorization information of APIs (v3) Permission API Action Dependent Permission IAM Project (Project) Enterprise Project (Enterprise Project) Querying the certificate list GET /v3/scm/certificates scm:cert:list - √ x Obtaining details of a certificate
Test Certificate Paid Certificate Security Level General High Compatibility with the certificate running environment General High SSL certificate warranties from CAs Not supported Supported Restrictions on certificate quantity 20 free certificates for each account, including its IAM
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication.
If you want to cancel the authorization, go to the IAM console to delete the PCAAccessPrivateOBS agency from the agency list. After the permission has been granted, follow-up operations do not require the permission to be granted again.
If you want to cancel the authorization, go to the IAM console to delete the agency from the agency list. Once you complete the authorization, it will not be required again in the subsequent operations. Enable CRL publishing Whether to enable CRL publishing.
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.
Response Parameters Status code: 200 Table 2 Response body parameters Parameter Type Description agency_id String Authorization ID returned by IAM when an OBS agency is created.
Step 1: Creating an Agency To use FunctionGraph to update the ECS server certificate, you need to grant the SCM FullAccess and IAM ReadOnlyAccess permissions to FunctionGraph. Log in to the management console.