检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating a User and Granting Permissions This section describes how to use IAM to implement fine-grained permissions control for your DDS resources. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Figure 5 Specifying the scope Step 2: Create an IAM User IAM users can be created for employees or applications of an enterprise. Each IAM user has their own security credentials, and inherits permissions from the groups it is a member of.
IAM projects or enterprise projects: Type of projects in which policies can be used to grant permissions. A policy can be applied to IAM projects, enterprise projects, or both.
If your Huawei account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
The validity period of a token obtained from IAM is 24 hours. If you want to use a token for authentication, cache it to avoid frequent IAM API calling.
IAM users can use DDS resources only after their accounts and passwords are verified. For details, see Step 2: Create IAM Users and Log In.
Making an API Request This section describes the structure of a REST API, and uses the IAM API for obtaining a user token as an example to describe how to call an API. The obtained token is used to authenticate the calling of other APIs.
In addition, the IAM service is provided, achieving access control over DDS resources. Parent topic: Network Security
IAM User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys). API authentication requires information such as the account name, username, and password.
DDS Actions Table 1 DB instance management actions Permissions APIs Action IAM Project Enterprise Project Creating a DB instance POST /v3/{project_id}/instances dds:instance:create vpc:vpcs:list vpc:vpcs:get vpc:subnets:get vpc:securityGroups:get vpc:ports:get √ √ Querying DB instances
One IAM user can create only one OBT instance in a region. To increase the OBT instance quota, submit a service ticket or call us at +86-4000-955-988 or +86-950-808. Parent topic: Product Notices
One IAM user can create only one OBT instance in a region. To increase the OBT instance quota, submit a service ticket or contact us via the customer service hotline. Parent topic: Product Notices
One IAM user can create only one OBT instance in a region. To increase the OBT instance quota, submit a service ticket or contact us via the customer service hotline. Parent topic: Product Notices
Creating a User and Granting the Read-Only Permission to the User This section describes how to use IAM to grant read-only permissions to DDS.
{Endpoint} is the IAM endpoint and can be obtained from the Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
