If your Huawei Cloud account does not need individual IAM users, you can skip this section. By default, new IAM users do not have any permissions. You need to add a user to one or more groups, and attach permissions policies or roles to these groups.
In the same region, all the IAM users of an account can use database audit purchased under the account. Assume you have created a HUAWEI CLOUD account (domain1) in a region, and created two IAM users (sub-user01 and sub-user02) under domain1.
When using a token for authentication, cache it so that you do not call the IAM API used to obtain a user token too frequently. A token specifies temporary permissions in a computer system.
Suggestion: Add the following permissions to your IAM accounts: tms:predefineTags:list, bss:order:pay, bss:order:view, bss:order:update, bss:balance:view, vpc:vpcs:list, smn:topic:list, ces:metricData:create, gaussdb:instance:list, gaussdb:instance:modifyTraceSQLPolicy, eps:resources:list, rds
For security purposes, create IAM users and grant them permissions for routine management. User: An IAM user is created by an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
The permission details are as follows: "obs:bucket:CreateBucket", "obs:object:PutObject", "bss:order:pay", "iam:agencies:createAgency", "iam:permissions:grantRoleToAgency", "iam:permissions:grantRoleToAgencyOnEnterpriseProject", "iam:permissions:grantRoleToAgencyOnDomain", "iam:permissions
IAM can be used free of charge. You pay only for the resources in your account. For details about IAM, see What is IAM? DBSS Permissions: By default, new IAM users do not have permissions assigned.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Table 3 Request body parameter. Parameter: instance_id; Mandatory: Yes; Parameter Type: String; Description: Instance ID.
It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Table 3 Request body parameter. Parameter: id; Mandatory: Yes; Parameter Type: String; Description: Instance ID.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication.
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.)
Creating a User and Granting Permissions: You can use IAM to implement refined permission control for DBSS resources. To be specific, you can: Create IAM users for employees based on the organizational structure of your enterprise.
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Response Parameters. Status code: 200. Table 4 Response body parameters. Parameter: result; Parameter Type: String; Description: Response status.
IAM: Identity and Access Management (IAM) provides you with permission management for DBSS. Only users who have the DBSS System Administrator permissions can use DBSS. To obtain the permissions, contact users who have the Security Administrator permissions.
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Table 3 Request body parameter. Parameter: name; Mandatory: No; Parameter Type: String; Description: Instance name.
Access Control: DBSS supports access control through IAM permissions. Table 1 DBSS access control Method Description Reference Permission management IAM permission IAM permissions define which actions on your cloud resources are allowed or denied.