检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Parent Topic: Using IAM to Grant CNAD Permissions
Parent topic: Calling APIs Through IAM Authentication
To assign permissions of the IoTDA FullAccess policy to the user group that the IAM user belongs to, do as follows: Procedure: Visit IAM and click Try Free to access the IAM console. In the navigation pane, choose User Groups. Click Authorize in the row of the target user group.
Statement": [ { "Effect": "Deny", "Action": [ "cnad:blackWhiteIpList:delete" ] }, ] } Parent Topic: Using IAM
IAM User IAM users use Huawei Cloud resources as specified by the permissions granted by their account. Creation: IAM users are created by an account in IAM. For details, see Creating an IAM User. Huawei Cloud login: Log in to Huawei Cloud by clicking IAM User.
Must I Use an IAM User (Sub Account) to Configure Transfer on CTS and Perform Operations on an OBS Bucket? No. You only need to ensure that you have the permissions to perform operations on OBS buckets.
IAM users created using Identity and Access Management (IAM) on the Huawei Cloud console cannot view the menus and content in Partner Center. Log in to Partner Center using the administrator account, create a user and assign a role to the user.
How Do I Get My Account ID and IAM User ID? (SDK for Python) Obtaining Account, IAM User, and Project Information Using the console On the Huawei Cloud homepage, click Console in the upper right corner.
Can I Use an AK/SK Pair of a Federated User (Virtual IAM User) for Authentication During the SMS-Agent Startup? SMS does not support authentication using AK/SK pairs of federated users (virtual users) during the SMS-Agent startup. Parent Topic: Credentials
Concepts IAM Identity Center User A user created in IAM Identity Center. You can associate an IAM Identity Center user with multiple accounts in your organization and configure permissions for the user.
The management account can delegate administration of IAM Identity Center to a member account in your organization to extend the ability to manage IAM Identity Center.
Overview Read this chapter if you are using IAM Identity Center for the first time. It helps you quickly familiarize yourself with the main functions of IAM Identity Center. The following figure shows how to use IAM Identity Center. Figure 1 Flowchart
OBS Using an IAM Agency
Create an IdP of the IAM user SSO type. For details, see Creating an IdP Entity on Huawei Cloud. The IdP name must be unique. You are advised to use the domain name. For details about IAM user SSO, see Application Scenarios of Virtual User SSO and IAM User SSO.
Create an IdP of the IAM user SSO type. For details, see Creating an IdP Entity on Huawei Cloud. The IdP name must be unique. You are advised to use the domain name. For details about IAM user SSO, see Application Scenarios of Virtual User SSO and IAM User SSO.
Table 1 Quotas for IAM Identity Center Item Default Quota Adjustable Number of users that can be created in IAM Identity Center 100,000 Yes Number of groups that can be created in IAM Identity Center 100,000 Yes Number of users in a group Unlimited - Number of groups to which a user
The group name must be unique in IAM Identity Center. (Optional) Select users to be added to this group. Click OK. An IAM Identity Center group is created and displayed in the group list. Parent topic: Group Management
Then, you can log in to the system as the IAM Identity Center user to access resources of those accounts without repeated login. If you are using IAM Identity Center for the first time, the service enabling page is displayed. Click Enable Now to enable IAM Identity Center first.
You configure this connection in your IdP using your SCIM endpoint for IAM Identity Center and a bearer token that you create in IAM Identity Center.
Deleting a User You can delete an IAM Identity Center user that is no longer needed. Deleting an IAM Identity Center user deletes all information about the user and revokes its access permissions. Deleted users cannot be restored. Exercise caution when performing this operation.
