检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating a User and Granting Permissions This section describes how to use IAM to implement fine-grained permissions control for your CSE resources. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
IAM user import Identity and Access Management (IAM) To import IAM users, the IAM ReadOnlyAccess permission is required. Table 3 lists the common operations for each system-defined policy or role of CSE. Select policies or roles as needed.
For example, the endpoint of IAM in the AP-Singapore region is iam.ap-southeast-3.myhwcloud.com.
Access Policy Description Documentation IAM permissions IAM permissions define which actions on your cloud resources are allowed and which actions are denied, to control access to your resources.
Log in to Huawei Cloud as an IAM user. Tenant name: Name of the account used to create the IAM user IAM username and password: Username and password specified during the IAM user creation using the tenant name Create a microservice engine on the CSE console.
You can create up to 1000 accounts, including new accounts and imported IAM account. Importing an IAM Account Imports an IAM account and associates roles with it. Users using this IAM account have the access and operation permissions on the microservice engine.
Log in to the IAM console and choose Agencies to check the agency quota and either adjust it or delete agencies that are no longer in use. Parent topic: Precautions When Using Huawei Cloud CSE
To operate a ServiceComb engine on CSE, you must have both the IAM and RBAC permissions, and the IAM permission takes precedence over the RBAC permission.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created using an account to use cloud services. Each IAM user has their own identity credentials (password and access keys).
Once a service has been authorized, an agency named cse_admin_trust on IAM will be created. Go to the agency list to view the details. To grant permissions, you must have the Security Administrator role permissions. Confirm the permissions in the IAM service.
The API for obtaining a project ID is GET https://{Endpoint}/v3/projects, where {Endpoint} indicates the IAM endpoint. You can obtain the IAM endpoint from Regions and Endpoints. For details about API authentication, see Authentication.
Figure 1 illustrates the responsibilities shared by Huawei Cloud and IAM users. Huawei Cloud: Ensure the security of cloud services and provide secure clouds.
When using a token for authentication, cache it to prevent frequently calling the Identity and Access Management (IAM) API for obtaining a user token. A token specifies temporary permissions in a computer system.
