Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Obtaining an Agency URN: Log in to the Identity and Access Management (IAM) console (Figure 1: IAM page). Click Agencies. On the displayed page, click Create Agency. On the Create Agency page, set the following parameters and click Next.
To learn more about how IAM is different from Organizations for access control, see What Are the Differences in Access Control Between IAM and Organizations? This section describes the elements used by IAM custom identity policies and Organizations SCPs.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
When using a token for authentication, cache it to avoid calling the IAM API used to obtain a user token too frequently. A token specifies temporary permissions in a computer system.
For security purposes, create IAM users and grant them permissions for routine management. IAM User: An IAM user is created using an account to use cloud services. Each IAM user has their own identity credentials (password and access keys).
With IAM, you can control access to specific Huawei Cloud resources from principals (IAM users, user groups, agencies, or trust agencies). IAM supports role/policy-based authorization and identity policy-based authorization.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.