检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
IAM Error Codes If an error code starting with APIGW is returned after you call an API, rectify the fault by referring to the instructions provided in Error Codes. For details about IAM error codes, see IAM Error Codes. Parent Topic: Appendix
For more information, see Creating an IAM User. Parent topic: Getting Started
Adding an IAM User to a User Group You can add IAM users Test_User_A and Test_User_B to user groups Test_ECS_A and Test_ECS_B respectively according to the following procedure: Log in to Huawei Cloud and click Console in the upper right corner.
What Are the Differences Between IAM Projects and Enterprise Projects? IAM Projects An IAM project can contain resources of only one region. You cannot transfer resources between IAM projects. Enterprise Projects An enterprise project can contain resources of different regions.
What Are the Differences Between IAM Users and Enterprise Member Accounts? IAM Users IAM users are created using an account in IAM or Enterprise Management (User Management page). They are managed and granted permissions by the account.
Resource isolation IAM allows you to create multiple projects in a region for resource isolation. An IAM project can contain resources of only one region.
What Are the Differences Between IAM Users and Enterprise Member Accounts? See What Are the Differences Between IAM Users and Enterprise Member Accounts? Parent topic: Common Issues
What Should I Do If the Organization and Account Information Is Unavailable to an IAM User? By default, IAM users can view the organization and account information in Enterprise Center.
How Do I Limit Specific Enterprise Projects to Different IAM Users? Background Your account A has two IAM users (User B and User C) and two enterprise projects (B and C). You want to: Allow user B to view and manage resources only in enterprise project B.
Possible Causes The master account has not assigned the Agent Operator role to the IAM user. The master account has not assigned the BSS Administrator, BSS Operator, or BSS Finance role to the IAM user.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
Overview Scenario EPS supports resource management using IAM users. You can grant IAM users different permissions to ensure controlled and secure resource access.
You can use IAM to control access to your EPS resources. IAM permissions define which actions on your cloud resources are allowed or denied.
To query enterprise projects associated with an IAM user, see Querying the Enterprise Projects Associated with an IAM User.
IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
Verifying Permissions This section describes how to verify IAM user permissions. Sign in to the management console as an IAM user. Choose Enterprise > Project Management in the upper right corner of the page.
IAM user: An IAM user's permissions are granted by the administrator. The enterprise project information displayed on the Enterprise Project Management Service page varies for each IAM user based on the permissions assigned.
Authorization Scope: A custom policy can be applied to IAM projects or enterprise projects or both. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
The validity period of a token obtained from IAM is 24 hours. If you want to use a token for authentication, cache it to avoid frequently calling the IAM API.
Be an IAM user that has been assigned a global authorization policy. Parent topic: FAQs
