检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
The account administrator grants only the permissions of an enterprise project to the IAM user, so the IAM user cannot obtain the domain ID of the account, and the following error message is displayed when the IAM user calls an API.
Table 1 Comparison of OBS agency permissions Version Permissions Granted to CDN After the Agency Is Enabled Old All permissions of the IAM system-defined role Tenant Guest. For details, see IAM Permissions. New obs:object:GetObject for obtaining object content and metadata.
How Do I Grant Some CDN Permissions to IAM Users? Is the CDN Service Area Related to the Origin Server Location and ICP Filing? Will User Access from Other Regions Be Accelerated If I Select Chinese Mainland as My Service Area? Does CDN Support Acceleration by Region?
Constraints IAM users can enable SCM authorization only when they have the following permissions: Associated Cloud Service Permission IAM Listing permissions: iam:roles:listRoles Creating a custom policy: iam:roles:createRole Listing agencies: iam:agencies:listAgencies Creating an
How Do I Grant Some CDN Permissions to IAM Users? You can use IAM to implement fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your Huawei Cloud resources.
Possible causes: Your IAM agency quota has been used up. On the Quotas page of the IAM console, check whether the agency quota has been used up. If yes, delete unnecessary agencies or submit a service ticket to increase the quota. You are an IAM user.
Perform the following steps: If you are using CDN as an IAM user with insufficient permissions, view each permission on Permissions Management and ask the account administrator to assign the required permissions to you by referring to Creating a User and Granting CDN Permissions.
Perform the following operations to rectify the fault: If you log in as an IAM user, check whether you have the permissions required to perform cache purge and prefetch. If you do not have the required permissions, apply for them from your account administrator.
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
For security purposes, create IAM users and grant them permissions for routine management. IAM user An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Table 1 Comparison of OBS agency permissions Version Permissions Granted to CDN After the Agency Is Enabled Old All permissions of the IAM system-defined role Tenant Guest. For details, see IAM Permissions. New obs:object:GetObject for obtaining object content and metadata.
Create a user group on the IAM console, and assign the CDN DomainReadOnlyAccess policy to the group. Create an IAM user and add it to the user group. Create a user on the IAM console and add the user to the group created in 1. Log in as the IAM user and verify permissions.
configuration:modifyChargeMode PUT /v1.0/cdn/charge/charge-modes √ × Quotas Permission Action API IAM Project Enterprise Project Querying quotas cdn:configuration:queryDomains GET /v1.0/cdn/quota √ × Parent Topic: Permissions Policies and Supported Actions
For example, to obtain an IAM token in the ALL region, obtain the endpoint of IAM (iam.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
IAM users can enable OBS authorization only when they have the following permissions: IAM permissions Listing agencies: iam:agencies:listAgencies Creating an agency: iam:agencies:createAgency Granting permissions to an agency for a region-specific project: iam:permissions:grantRoleToAgencyOnProject
Table 3 Dependency policies and roles Console Function Dependent Services Roles or Policies Required OBS authorization Identity and Access Management (IAM) Creating an agency: iam:agencies:createAgency Listing agencies: iam:agencies:listAgencies Querying agency details: iam:agencies
The token can be obtained by calling the IAM API used to obtain a user token. The value of **X-Subject-Token** in the response header is the user token.
Object Storage Service (OBS) Accelerating Delivery of OBS Resources IAM provides: User and permission management IAM user and user group management Fine-grained policy management Agency management Allow CDN to access your OBS private buckets on the IAM console.
The token can be obtained by calling the IAM API used to obtain a user token. The value of **X-Subject-Token** in the response header is the user token.
The token can be obtained by calling the IAM API used to obtain a user token. The value of **X-Subject-Token** in the response header is the user token.
