Creating a User and Granting Permissions You can use IAM to implement refined permission control for DBSS resources. To be specific, you can: Create IAM users for employees based on the organizational structure of your enterprise.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
IAM can be used free of charge. You pay only for the resources in your account. For details about IAM, see What is IAM? DBSS Permissions By default, new IAM users do not have permissions assigned.
If your Huawei Cloud account does not need individual IAM users, you can skip this section. By default, new IAM users do not have any permissions. You need to add a user to one or more groups, and attach permissions policies or roles to these groups.
The permission details are as follows: "obs:bucket:CreateBucket", "obs:object:PutObject", "bss:order:pay", "iam:agencies:createAgency", "iam:permissions:grantRoleToAgency", "iam:permissions:grantRoleToAgencyOnEnterpriseProject", "iam:permissions:grantRoleToAgencyOnDomain", "iam:permissions
Access Control DBSS supports access control through IAM permissions. Table 1 DBSS access control Method Description Reference Permission management IAM permission IAM permissions define which actions on your cloud resources are allowed or denied.
In the same region, all the IAM users of an account can use database audit purchased under the account. Assume you have created a HUAWEI CLOUD account (domain1) in a region, and created two IAM users (sub-user01 and sub-user02) under domain1.
For security purposes, create IAM users and grant them permissions for routine management. User An IAM user is created by an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
IAM Identity and Access Management (IAM) provides you with permission management for DBSS. Only users who have the DBSS System Administrator permissions can use DBSS. To obtain the permissions, contact users who have the Security Administrator permissions.
Suggestion Add the following permissions to your IAM accounts: tms:predefineTags:list bss:order:pay bss:order:view bss:order:update bss:balance:view vpc:vpcs:list smn:topic:list ces:metricData:create gaussdb:instance:list gaussdb:instance:modifyTraceSQLPolicy eps:resources:list rds
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication.
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Table 3 Request body parameter Parameter Mandatory Parameter Type Description instance_id Yes String Instance ID.
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Table 3 Request body parameter Parameter Mandatory Parameter Type Description id Yes String Instance ID.
It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.)
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Response Parameters Status code: 200 Table 4 Response body parameters Parameter Parameter Type Description result String Response status.
The token can be queried by calling the IAM API. (The token is the value of X-Subject-Token in the response header.) Table 3 Request body parameter Parameter Mandatory Parameter Type Description name No String Instance name.
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.