检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Configuring Permissions in IAM Creating a User and Granting Permissions SWR Custom Policies Parent Topic: Permissions Management
Why Cannot IAM Users Configure Image Synchronization? Currently, only accounts and IAM users with administrator permissions can configure image synchronization. Parent topic: Synchronizing Images
Solutions On either the SWR or IAM console, grant the required permission to the IAM user you are using. Method 1: Log in to the SWR console as an SWR administrator. In the organization list, locate the organization.
Strengthening Permissions Management to Reduce Related Risks Do not allow IAM users to access SWR using administrator permissions. Create Huawei Cloud IAM users and grant them access permissions on different container images to isolate permissions between employees.
On the details page of the organization, grant the IAM user the permission to manage this organization. For details, see User Permissions. Method 2: Use IAM fine-grained authorization to assign a custom policy to this IAM user. This policy contains the permission to push images.
To grant an IAM user permission to access dependent cloud services of SWR, you must have the IAM role Security Administrator. Fine-grained HSS Authorization Log in to the management console.
Function Description Phase Documentation 1 IAM fine-grained authorization IAM fine-grained permission control was supported. You can flexibly assign different permissions to IAM users and user groups in your account.
With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing SWR resources.
For more information, see: Public Network Access Private Network Access Constraints To obtain the subnet list of a VPC, IAM users must have the VPC ReadOnlyAccess permission. Use your account to log in to IAM and grant this permission to IAM users. Parent topic: Access Control
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created by an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
Policies that contain actions for both IAM and enterprise projects can be used and applied for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
"StringEquals": { "g:SourceVpc": [ "0bfdf87b-7789-4851-801e-8e726b82beae" ] } } }, { "Effect": "Allow", "Action": [ "swr::createLoginSecret" ] } ] } Parent Topic: Configuring Permissions in IAM
SWR Permissions Overview There are three types of SWR permissions: IAM permissions: Create IAM users and grant them permissions to use SWR. Image permissions: After creating an IAM administrator, you can grant image access permissions to other IAM users.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
On the displayed API Credentials page, view the IAM username and IAM user ID. Figure 1 API credentials Parent Topic: Appendixes
With IAM, you can: Create IAM users or user groups for personnel based on your enterprise's organizational structure. Each IAM user has their own identity credentials for accessing SWR resources.
IAM users must be added to a user group to obtain the permissions assigned to the user group. If a user is added to multiple user groups, the user inherits the permissions assigned to all these groups. IAM role IAM roles are IAM users with special permissions.
In IAM, the administrator sets Access Type to Programmatic access.
IAM helps you secure access to your Huawei Cloud resources. With IAM, you can create IAM users and grant them permission to access only specific resources.
In addition to assigning permissions to users in IAM, the administrator can add, modify, and delete permissions for IAM users on the image details page of the SWR console.
