检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating a User and Granting CCI Permissions This section describes how to use IAM to implement fine-grained permissions control for your CCI resources. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
If both system roles (IAM RBAC authorization) and custom policies (IAM fine-grained authorization) are used, the permissions granted using IAM RBAC authorization take precedence over those granted using IAM fine-grained authorization.
If both system roles (IAM RBAC authorization) and custom policies (IAM fine-grained authorization) are used, the permissions granted using IAM RBAC authorization take precedence over those granted using IAM fine-grained authorization.
IAM provides identity authentication, permissions management, and access control, helping you securely access cloud resources. If your account does not require IAM for permissions management, you can skip this section. IAM is a free service.
IAM provides identity authentication, permissions management, and access control, enabling secure access to your cloud resources. With IAM, you can use your account to create IAM users, and assign permissions to the users to control their access to specific resources.
IAM project name, project id and project name should not be empty at same time --sk string IAM secret access key --token-only Return token only for other tool integration --user-name string IAM user name.
The admin permissions policy also applies to the IAM user James in the user group Developers. The IAM user James has view permissions on the namespace cci-namespace-demo-rbac01.
Figure 1 Template address Check Item3: IAM Users' Permissions to Download Images If you have enabled the Enterprise Management service, you need to use your account to grant IAM users with permissions to access SWR so that the IAM users can download private images of the account.
The following is part of the response body for the API used to create an IAM user. { "user": { "id": "c131886aec...
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
name "password": $ADMIN_PASS, //IAM user password.
It combines the advantages of Kubernetes Role-based Access Control (RBAC) authorization and Identity and Access Management (IAM) to provide a variety of authorization methods, including IAM fine-grained authorization, IAM token authorization, namespace-level authorization, and namespaced
You can use either of the following methods to grant permission to an IAM user: On the details page of an image, click the Permissions tab, click Add Permission, and then grant the read, write, or manage permission to the user.
and password is the IAM user password.
Category of CCI Actions Table 1 Namespace management actions Permissions API Action IAM Project Enterprise Project Creating a Namespace POST /api/v1/namespaces CCI:namespace:create √ √ Reading a Namespace GET /api/v1/namespaces/{name} CCI:namespace:get √ √ Listing Namespaces GET /
It can be obtained through the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
It can be obtained through the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
It can be obtained through the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token. Content-Type Yes String Message body type (format). The default value is application/json.
