Creating a User and Granting ServiceStage Permissions You can use Identity and Access Management (IAM) for fine-grained permissions control for your ServiceStage. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
Replace the fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: IAM username to be created. email: email address of the IAM user. ********: login password of the IAM user.
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
IAM helps you secure access to your cloud resources. With IAM, you can create IAM users and grant them permission to access only specific resources.
Assigning Permissions to ServiceStage-Dependent Services Assigning CCE Namespace Permissions You can assign only common operation permissions on CCE cluster resources to the ServiceStage user group using IAM, excluding the namespace permissions of the clusters with Kubernetes RBAC
To achieve this result, you can create IAM users for the software developers and grant them only the permissions required for using ServiceStage resources. For more information about IAM, see the IAM Service Overview.
Log in to Huawei Cloud as an IAM user.
You can create up to 1000 accounts, including new accounts and imported IAM accounts. Importing an IAM Account: Imports an IAM account and associates roles with it. Users using this IAM account have the access and operation permissions on the microservice engine.
For the API for creating an IAM user as an administrator, the following message body is returned. The following describes part of the response body. { "user": { "id": "c131886aec...
To operate a microservice engine on CSE, you must have both the IAM and RBAC permissions, and the IAM permission takes precedence over the RBAC permission.
Adding Image Permissions To allow IAM users of your account to read, write, and manage a specific image, add the required permissions to the IAM users on the details page of this image.
The same IAM user can join different organizations. Different permissions, namely read, write, and manage, can be assigned to different IAM users in the same account.
The API used to obtain a project ID is GET https://{Endpoint}/v3/projects/, where {Endpoint} indicates the IAM endpoint. You can obtain the IAM endpoint from Regions and Endpoints. For details on API calling authentication, see Authentication.
With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials for access to ServiceStage resources. Grant only the permissions required for users to perform a task.
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User: A user is created in Identity and Access Management (IAM) to use cloud services.
In the Management Information area of the Basic Information tab page, view the IAM agency bound to the ECS. Log in to the Identity and Access Management (IAM) console. Choose Agencies and click the agency obtained in 3.c.
{"errorCode":"401002","errorMessage":"Request unauthorized","detail":"Get service token from iam proxy failed,{\"error\":\"get project token from iam failed. error:http post failed, statuscode: 400\"}"} Checking method: Check whether the project information in the microservice.yaml
After CTS is enabled, you can view audit logs as described in Viewing IAM Audit Logs. CTS stores operation logs of the last seven days. For details about ServiceStage operations that can be tracked by CTS, see ServiceStage Operations That Can Be Recorded by CTS.
Different IAM users under the same account can perform operations on the same cluster.