检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
If an IAM user needs to configure the ACL, the user can request the administrator to perform the configuration or grant the required permissions.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer. URI DELETE /v3.0/OS-MFA/virtual-mfa-devices Table 1 Query parameters Parameter Mandatory Type Description user_id Yes String ID of the IAM user whose MFA device is to be deleted.
This parameter is valid only when subject is set to user or subject.user_id is specified. true: Query authorization records of IAM users and user groups which the IAM users belong to. false: Only query authorization records of IAM users. page No Integer Page number for pagination
Request URL The request URL is in the format "https://IAM region and endpoint/API URI". Obtain the IAM region and endpoint from Regions and Endpoints. Figure 1 IAM regions and endpoints Obtain the API URI from Obtaining a User Token.
For details about IAM operations that can be recorded by CTS, see "IAM operations that can be recorded by CTS" in Enabling CTS. After you enable CTS and create and configure a tracker, CTS starts to record operations for auditing. For details, see Enabling CTS.
Format: /iam/agencies/delegation ID.
Only the administrator can configure the password policy, and IAM users can only view the configurations. If an IAM user needs to modify the configurations, the user can request the administrator to perform the modification or grant the required permissions.
On the Huawei Cloud login page, click IAM User. On the IAM User Login page, enter the account name, user name, and password of the created user.
The value can be true or false. manage_email boolean Specifies whether IAM users are allowed to change their email addresses. The value can be true or false. manage_mobile boolean Specifies whether IAM users are allowed to change their mobile numbers.
IAM user SSO After a federated user logs in to Huawei Cloud, the system automatically maps the external identity ID to an IAM user so that the federated user has the permissions of the mapped IAM user.
Account A creates an agency in IAM to delegate resource access to account B. Figure 1 (Account A) Creating an agency (Optional) Account B assigns permissions to an IAM user to manage specific resources for account A.
Step 2: On the IAM console, create a user group for each functional team, create IAM users for employees, and add the users to different user groups.
Solution Account A creates an agency on the IAM console to authorize account B to manage its resources. Account B assigns permissions to its IAM users to manage account A's resources specified in the agency. Account A can modify or delete the agency at any time.
For details about how to obtain the project ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information. Ensure that the project is the IAM project that IAM users in the group will be authorized to access and use.
IAM projects are different from enterprise projects. For details about their differences, see What Are the Differences Between IAM Projects and Enterprise Projects? Figure 1 Project isolation Resources cannot be transferred across IAM projects.
Table 14 token.assumed_by.user Parameter Type Description name String IAM username. id String IAM user ID. domain Object Account information about delegated party B. password_expires_at String Password expiration time of the IAM user.
IAM users can assign permissions to themselves. IAM provides general permissions (such as administrator or read-only permissions) for each cloud service, which you can assign to user groups. Users in the groups can then use cloud services based on the assigned permissions.
Procedure Use the DomainA account to create an IAM user (for example, UserB) by following the instructions in Creating an IAM User.
For security purposes, create IAM users and grant them permissions for routine management. IAM user An IAM user is created by an account to use cloud services. Each IAM user has its own identity credentials (password or access keys).
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
