检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
IAM Permissions Management WAF Custom Policies WAF Permissions and Supported Actions Parent Topic: Permissions Management
An account can allocate funds to IAM users so that IAM users can manage resources independently. Both an account and its IAM user can create IAM users. An account can only manage its own IAM users but cannot manage the IAM users of other accounts.
Creating a User Group and Granting Permissions This topic describes how to use IAM to implement fine-grained permissions control for your WAF resources. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to WAF resources. Grant only the permissions required for users to perform a task.
IAM can be used free of charge. You pay only for the resources in your account. For more details, see IAM Service Overview. WAF Permissions By default, new IAM users do not have any permissions assigned.
Identity and Access Management (IAM) is a basic service of Huawei Cloud that provides permissions management to help you securely control access to the WAF service. With IAM, you can add users to a user group and configure policies to control their access to WAF resources.
If your Huawei ID does not need individual IAM users, then you may skip over this section. By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups.
"Action": [ "hss:hosts:switchVersion", "hss:hosts:manualDetect", "hss:manualDetectStatus:get" ] } ] } Parent Topic: IAM
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com)) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Sharing WAF Among Multiple IAM Users Assume that you have created an account, domain1, by registering with Huawei Cloud, and used domain1 to create two IAM users, sub-user1a and sub-user1b, in IAM.
Please check the current user's IAM permissions." is displayed when a user attempted to access the Dedicate Engine page under Instance Management. Possible Cause The IAM ReadOnly permission is not granted to the login account.
If you have enabled enterprise management, you cannot create an IAM project and can only manage existing projects. In the future, IAM projects will be replaced by enterprise projects, which are more flexible.
It can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
The permissions are as follows: iam:agencies:listAgencies iam:agencies:getAgency iam:permissions:listRolesForAgency iam:permissions:listRolesForAgencyOnProject iam:permissions:listRolesForAgencyOnDomain For details, see Creating a User Group and Granting Permissions.
This parameter is returned only when an IAM 5 authentication error occurs. details Array of IAM5ErrorDetails objects The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.
This parameter is returned only when an IAM 5 authentication error occurs. details Array of IAM5ErrorDetails objects The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.
Permissions Management Authorizing and Associating an Enterprise Project IAM Permissions Management Permission Dependency of the WAF Console
For security purposes, create Identity and Access Management (IAM) users and grant them permissions for routine management. User An IAM user is created using an account to use cloud services. Each IAM user has its own identity credentials (password and access keys).
This parameter is returned only when an IAM 5 authentication error occurs. details Array of IAM5ErrorDetails objects The set of error messages reported when a downstream service is invoked. This parameter is returned only when an IAM 5 authentication error occurs.
IAM Identity and Access Management (IAM) provides the permission management function for WAF. Only users granted WAF Administrator permissions can use WAF. To obtain this permission, contact the users who have the Security Administrator permissions.
