检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Creating a User and Granting Permissions This chapter describes how to use Identity and Access Management (IAM) for fine-grained permissions management for your RDS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Creating a User and Granting Permissions This chapter describes how to use Identity and Access Management (IAM) for fine-grained permissions management for your RDS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Creating a User and Granting Permissions This chapter describes how to use Identity and Access Management (IAM) for fine-grained permissions management for your RDS resources. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
Error Reported When a DB Instance Is Purchased Scenario When an IAM user purchases an RDS DB instance, an error message is displayed, indicating that the user is not granted the IAM agency permission.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
iam:roles:listRoles, and iam:agencies:pass actions.
Creating an IAM User and Granting Permissions You can create an IAM user or user group on the Identity and Access Management (IAM) console and grant it specific operation permissions for fine-grained permissions management. Create a user group and assign permissions to it.
Creating an IAM User and Granting Permissions You can create an IAM user or user group on the Identity and Access Management (IAM) console and grant it specific operation permissions for fine-grained permissions management. Create a user group and assign permissions to it.
Creating an IAM User and Granting Permissions You can create an IAM user or user group on the Identity and Access Management (IAM) console and grant it specific operation permissions for fine-grained permissions management. Create a user group and assign permissions to it.
IAM users can use RDS resources only after their accounts and passwords are verified. For details, see Step 2: Create IAM Users and Log In.
For security purposes, create IAM users and grant them permissions for routine management. IAM User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Access Control RDS controls access through the account/IAM user and security groups. When you create an RDS DB instance, an account is automatically created. To separate out specific permissions, you can create IAM users and assign permissions to them as needed.
RDS Actions Table 1 Common query actions Permission API Action IAM Project Enterprise Project Authorization by Instance Querying the DB engine version GET /v3/{projectId}/datastores/{database_name} No action required √ √ × Querying database specifications GET /v3/{project_id}/flavors
This permission can be granted using Identity and Access Management (IAM). On the IAM console, add permission policies to user groups. For details, see Creating a User Group and Assigning Permissions.
This permission can be granted using Identity and Access Management (IAM). On the IAM console, add permission policies to user groups. For details, see Creating a User Group and Assigning Permissions.
This permission can be granted using Identity and Access Management (IAM). On the IAM console, add permission policies to user groups. For details, see Creating a User Group and Assigning Permissions.
An IAM account can create three OBT instances in a region. You can change the specifications of a created GeminiDB Redis instance, but the instance will be billed after the change.
{Endpoint} is the IAM endpoint and can be obtained from Regions and Endpoints. For details about API authentication, see Authentication. The following is an example response.
When using a token for authentication, cache it to prevent frequently calling the IAM API used to obtain a user token. A token specifies temporary permissions in a computer system.
