检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Create a user group on the IAM console, assign the Workspace Administrator permission to the group, and select the authorization scope. Create a user and add them to the user group. Create a user on the IAM console and add the user to the group created in 1.
How Do I Authorize an IAM User to Use Workspace Application Streaming? Scenarios An IAM user account created by the administrator needs to be assigned permissions before using Workspace Application Streaming.
Therefore, if the Huawei Cloud account has been authorized, the IAM user does not need to enable the agency. Method 2: Contact the Huawei Cloud account to add the Security Administrator permissions to the IAM user. Then, the IAM user can enable the agency.
Creating a User and Assigning Permissions Scenarios This section describes how to use IAM to implement fine-grained permissions control for your Workspace resources. With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise.
Permissions required for creating and querying agencies: System-defined role: Security Administrator Add the following actions to the custom policy: iam:roles:getRole iam:roles:listRoles iam:agencies:getAgency iam:agencies:listAgencies iam:agencies:createAgency iam:permissions:listRolesForAgencyOnProject
For details, see Creating an IAM User and Granting Permissions. Parent topic: Permissions Management
iam:agencies:listAgencies iam:agencies:createAgency iam:permissions:listRolesForAgencyOnProject iam:permissions:grantRoleToAgencyOnProject Permissions required for querying agencies: System-defined policy: IAM ReadOnlyAccess Add the following actions to the custom policy: iam:agencies
IAM user You can use your account to create IAM users and assign permissions for specific resources. Each IAM user has their own identity credentials (passwords or access keys) and uses cloud resources based on assigned permissions. IAM users cannot make payments themselves.
Operation Process Operation Process for Administrators An administrator can log in to the official website of the Huawei Cloud using a Huawei Cloud account that has passed the real-name authentication or an IAM account that has been assigned the Workspace administrator permissions
For example, to obtain an IAM token in the CN North-Beijing1 region, obtain the endpoint of IAM (iam.cn-north-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
IAM projects or enterprise projects: Applicable scope of custom policies. Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management.
(Optional) Creating an IAM User If you have registered on Huawei Cloud, you can create an IAM user on the IAM console. For details, see Creating an IAM User.
Currently, the storage does not support IAM 5.0. You need to add IAM 3.0 to use the storage. IAM 5.0: The console URL is https://console.xxxxxx.com/iam5.
For security purposes, create IAM users and grant them permissions for routine management. User An IAM user is created by an account in IAM to use cloud services. Each IAM user has its own identity credentials (password and access keys).
To use CBR, the IAM account created under the Huawei account must be added to the admin user group or a user group with CBR operation permissions. Go to the IAM page to check whether the user belongs to the admin user group. If not, grant the IAM account the permission on CBR.
Permission Management Workspace Permissions Creating an IAM User and Granting Permissions Workspace Custom Policies Entrustment Description Enterprise Projects
IAM Identity and Access Management (IAM) is a basic service of Huawei Cloud that provides permissions management to help you securely control access to your cloud services and resources.
Tenant Administrator has the permissions on all cloud services except IAM and can call the cloud services on which Workspace depends. The delegation takes effect only in the current region.
The API for obtaining a project ID is GET https://{Endpoint}/v3/projects, where {Endpoint} indicates the IAM endpoint. You can obtain the IAM endpoint from Regions and Endpoints. For details about API authentication, see Authentication.
Added: Added support for IAM fine-grained authentication in Permissions. 2023-06-15 This issue is the second official release. Modified: Added the Windows 10 OS version and Windows image description in Supported OSs. 2022-12-26 This issue is the first official release.
