检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM Roles or Policies to Grant Access to UGO This section describes how to use IAM to implement fine-grained permissions control for your UGO resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Using IAM Identity Policies to Grant Access to UGO This section describes how to use IAM to implement fine-grained permissions control for your UGO resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Using IAM to Grant Access to UGO Using IAM Roles or Policies to Grant Access to UGO Using IAM Identity Policies to Grant Access to UGO
Identity and Access Management (IAM) Identity and Access Management (IAM) manages permissions for UGO. Only users with the UGO administrator permissions can use UGO.
Table 1 Actions Function API Action IAM Project Enterprise Project Querying API versions / None. √ √ Querying a specified API version /{api_version} None. √ √ Querying quotas /v1/{project_id}/quotas ugo:jobs:getQuotas √ √ Converting SQL statements /v1/{project_id}/sql-conversion ugo
IAM User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys) The account name, username, and password will be required for API authentication.
IAM projects or enterprise project: Scope of users a permission is granted to. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
For example, to obtain an IAM token in the AP-Singapore region, obtain the endpoint of IAM (iam.ap-southeast-3.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Fine-Grained Authorization UGO uses Identity and Access Management (IAM) to implement fine-grained permission management.
The API used to obtain a project ID is GET https://{Endpoint}/v3/projects/, where {Endpoint} indicates the IAM endpoint. You can obtain the IAM endpoint from Regions and Endpoints. For details about API authentication, see Authentication.
IAM can be used for free. You pay only for the resources in your account. For more information about IAM, see What Is IAM? Role- and Policy-based Authorization New IAM users do not have any permissions assigned by default.
