检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
IAM username or email address Alice IAM username or email address entered during the user creation. You can obtain the IAM username and IAM user's initial password from the administrator. IAM user password ******** Password of the IAM user, rather than the account.
Creating a User and Adding the User to a User Group On the IAM console, create an IAM user and add it to the user group created in 1. Log in as an IAM user and verify the permissions.
With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user is assigned their own unique credentials for accessing CSS resources.
Check Whether the Account or IAM User Has the Custom Word Dictionary Permission Check the user group that the current account or IAM user belongs to. For details, see Viewing or Modifying IAM User Information in Identity and Access Management User Guide.
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
API for obtaining tokens from IAM API for creating CSS clusters Procedure Obtain the token. Send POST https://IAM endpoint/v3/auth/tokens. Obtain the token by following instructions in Authentication. The value of X-Subject-Token in the response header is the user token.
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
(Not Recommended) Automatically Setting Basic Configurations of a Cluster Snapshot Function This API is used to configure basic settings for automatic cluster snapshot creation, including automatically creating an IAM agency and the OBS bucket and file path used for storing snapshots
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
CSS Permissions Management Using IAM Roles or Policies to Grant Access to CSS Using IAM Identity Policies to Grant Access to CSS Example: Granting IAM Users the Permission to Create CSS Clusters
With identity policy-based authorization, the IAM user must be granted the permissions allowing for action iam:agencies:pass. Parent topic: Permissions and Supported Actions
Some operations depend on the following permissions: View the agency list: iam:agencies:listAgencies iam:permissions:listRolesForAgency iam:permissions:listRolesForAgencyOnProject Automatically create an agency: iam:agencies:listAgencies iam:agencies:createAgency iam:permissions:grantRoleToAgency
agencies:listAgencies iam:permissions:listRolesForAgency iam:permissions:listRolesForAgencyOnProject iam:agencies:pass - css:logstream:updateImportTask dms:instance:list dms:topic:list css:cluster:getAgencies iam:agencies:listAgencies iam:permissions:listRolesForAgency iam:permissions
For example, if you want to create an IAM user, use the IAM endpoint of any region (for example, for CN-Hong Kong, the IAM endpoint is iam.ap-southeast-1.myhuaweicloud.com) and combine it with the resource-path (/v3.0/OS-USER/users) in the URI of the API for creating an IAM user (
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions
agencies:createAgency", "iam:permissions:listRolesForAgency", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "
IAM is used to control resource operation permissions on the CSS management plane. If you need to assign different permissions to employees in your organization to access your CSS resources, IAM is a good choice for fine-grained permissions management.
