检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Obtaining Information About Account, IAM User, Group, Project, Region, and Agency Obtaining Account, IAM User, and Project Information Using the console On the Huawei Cloud homepage, click Console in the upper right corner.
Creating an IAM User and Granting RAM Permissions You can use Identity and Access Management (IAM) to implement fine-grained permissions control for your RAM resources. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
RAM Advantages Simplified Resource Management You can create a resource once in one account and use RAM to share that resource with other accounts, eliminating the need to create and provision duplicate resources in each account. This simplifies resource management and reduces operational
What Is RAM? Overview Resource Access Manager (RAM) helps you securely share resources across accounts. If you have several Huawei Cloud accounts, you can create resources once in one account and use RAM to share those resources with the other accounts, eliminating the need to create
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
RAM Managed Permissions Getting a List of RAM Managed Permissions Getting Details About RAM Managed Permissions Getting all versions of permissions Parent topic: APIs
Check whether the RAM permission has been granted to the IAM user. 400 RAM.1009 The resource type %s has no permission. No permissions for the shared resource. Grant the permissions to access the shared resource. 400 RAM.1010 The domain id %s does not own the resource urn %s.
Actions Table 1 RAM actions Permission API Action IAM Project Enterprise Project Listing RAM managed permissions GET /v1/permissions ram:permissions:list × × Getting the details about RAM managed permissions GET /v1/permissions/{permission_id} ram:permissions:get × × Getting all versions
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
Disassociating RAM Managed Permissions Function This API is used to disassociate RAM managed permissions from a resource share. The disassociation takes effect immediately after you call this API. You can disassociate RAM managed permissions for a resource type from a resource share
Viewing the RAM Permissions Library Scenario In the RAM permissions library, you can view details about all RAM permissions available for different resource types. A RAM permission that defines the actions that principals with access to the resources in a resource share are allowed
Getting Details About RAM Managed Permissions Function This API is used to get the details of RAM managed permissions of the specified version for the specified resource type. If the permission version is not specified, the information about the default permission version is returned
Associated RAM Managed Permissions Associating or Replacing RAM Managed Permissions Disassociating RAM Managed Permissions Getting Associated RAM Managed Permissions Parent topic: APIs
If your account does not need individual IAM users for permissions management, you can skip this section. IAM is a free service. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.
Associating or Replacing RAM Managed Permissions Function This API is used to associate or replace the RAM managed permission for a resource type included in a resource share. You can have only one permission associated with each resource type in the resource share. You can associate
Getting Associated RAM Managed Permissions Function This API is used to get the details of RAM managed permissions associated with a resource share. Debugging You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer
Getting a List of RAM Managed Permissions Function This API is used to get a list of RAM managed permissions for the specified resource type. Debugging You can debug this API through automatic authentication in API Explorer or use the SDK sample code generated by API Explorer. URI
Appendixes Status Codes Error Codes Obtaining Information About Account, IAM User, Group, Project, Region, and Agency
Permissions Management Creating an IAM User and Granting RAM Permissions Creating Custom Policies
Creating Custom Policies You can use IAM to create custom policies to supplement system-defined RAM policies. For the actions supported by custom policies, see Permissions and Supported Actions. To create a custom policy, choose either visual editor or JSON.
