检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Using IAM to Grant Access to RDS Creating a User and Granting Permissions RDS Custom Policies Parent Topic: Working with RDS for MySQL
Creating an IAM User and Granting Permissions You can create an IAM user or user group on the Identity and Access Management (IAM) console and grant it specific operation permissions for fine-grained permissions management. Create a user group and assign permissions to it.
RDS Actions Table 1 Common query actions Permission API Action IAM Project Enterprise Project Authorization by Instance Querying the DB engine version GET /v3/{projectId}/datastores/{database_name} No action required √ √ × Querying database specifications GET /v3/{project_id}/flavors
Error Reported When a DB Instance Is Purchased Scenario When an IAM user purchases an RDS DB instance, an error message is displayed, indicating that the user is not granted the IAM agency permission.
Working with RDS for MySQL Using IAM to Grant Access to RDS Buying an RDS for MySQL DB Instance Instance Connection Database Usage Database Migration Version Upgrade Instance Management Instance Modifications Data Backups Data Restorations Read Replicas Database Proxy (Read/Write
Creating an IAM User and Granting Permissions You can create an IAM user or user group on the Identity and Access Management (IAM) console and grant it specific operation permissions for fine-grained permissions management. Create a user group and assign permissions to it.
Creating an IAM User and Granting Permissions You can create an IAM user or user group on the Identity and Access Management (IAM) console and grant it specific operation permissions for fine-grained permissions management. Create a user group and assign permissions to it.
Access Control RDS controls access through the account/IAM user and security groups. When you create an RDS DB instance, an account is automatically created. To separate out specific permissions, you can create IAM users and assign permissions to them as needed.
The following is an example deny policy: { "Version": "1.1", "Statement": [{ "Action": ["rds:instance:delete"], "Effect": "Deny" }] } Parent Topic: Using IAM to Grant Access to RDS
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
This permission can be granted using Identity and Access Management (IAM). On the IAM console, add permission policies to user groups. For details, see Creating a User Group and Assigning Permissions.
This permission can be granted using Identity and Access Management (IAM). On the IAM console, add permission policies to user groups. For details, see Creating a User Group and Assigning Permissions.
This permission can be granted using Identity and Access Management (IAM). On the IAM console, add permission policies to user groups. For details, see Creating a User Group and Assigning Permissions.
Parent Topic: Using IAM to Grant Access to RDS
Creating a User and Granting Permissions This chapter describes how to use Identity and Access Management (IAM) for fine-grained permissions management for your RDS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Creating a User and Granting Permissions This chapter describes how to use Identity and Access Management (IAM) for fine-grained permissions management for your RDS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
IAM users can use RDS resources only after their accounts and passwords are verified. For details, see Step 2: Create IAM Users and Log In.
For security purposes, create IAM users and grant them permissions for routine management. IAM User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
iam:roles:listRoles, and iam:agencies:pass actions.
