检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating a User and Granting DSS Permissions This chapter describes how to use IAM to implement fine-grained permissions control for your DSS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For details about the differences between IAM and enterprise management, see What Are the Differences Between IAM and Enterprise Management?
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview. DSS Permissions By default, new IAM users do not have permissions assigned.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
name "password": "********", // IAM user password "domain": { "name": "domainname" // Name of the account to which the IAM user belongs } } } }, "scope
Disk Management Permissions APIs Action IAM Project Enterprise Project Querying Details About All Disks by Service GET /v2/{project_id}/cloudvolumes/detail evs:volumes:list √ √ Parent topic: Permissions Policies and Supported Actions
DSS Storage Pool Management Permissions APIs Actions IAM Project Enterprise Project Obtaining details of a DSS storage pool GET /v1/{project_id}/pools/{dss_id} dss.action.querypool √ √ Obtaining details of DSS storage pools GET /v1/{project_id}/pools/detail dss.action.listpools √
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
