检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
IAM implements security design for each identity credential to protect user data and enable users to access IAM more securely. For details, see Table 1.
Verifying a Token Function This API can be used by the administrator to verify the token of an IAM user or used by an IAM user to verify their own token. The administrator can only verify the token of an IAM user created using the account.
Creating a Permanent Access Key Function This API can be used by the administrator to create a permanent access key for an IAM user or used by an IAM user to create a permanent access key.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer. URI GET /v3/users/{user_id}/projects Table 1 URI parameters Parameter Mandatory Type Description user_id Yes String IAM user ID.
Symptom Permissions that you grant to an IAM user on the IAM console have not been applied. Troubleshooting Cause: Incorrect permissions were granted to the user group to which the user belongs.
Deleting a Permanent Access Key Function This API can be used by the administrator to delete the specified permanent access key of an IAM user or used by an IAM user to delete one of their own permanent access keys.
Functions IAM provides a variety of functions for you to secure access to your resources. Refined Permissions Management You can grant IAM users permissions to manage different resources in your account.
Modifying a Permanent Access Key Function This API can be used by the administrator to modify the specified permanent access key of an IAM user or used by an IAM user to modify one of their own permanent access keys.
Querying a Permanent Access Key Function This API can be used by the administrator to query the specified permanent access key of an IAM user or used by an IAM user to query one of their own permanent access keys.
All regions Creating an IAM User Assigning Permissions to an IAM User Logging In as an IAM User OBS 2.0支持IAM User Management An IAM user is created using a HUAWEI CLOUD account.
(Administrator) Enabling login protection for an IAM user To enable login protection for an IAM user, go to the Users page and choose More > Security Settings in the row that contains the IAM user.
Supported Cloud Services IAM provides identity authentication and permissions management for other Huawei Cloud services. Users created in IAM can access these services based on assigned permissions.
Figure 1 IAM user login page Enter the administrator account, IAM username or email address, and verification code. Figure 2 Resetting IAM user password Account: Created upon successful registration with Huawei Cloud.
Querying Permanent Access Keys Function This API can be used by the administrator to query all permanent access key of an IAM user or used by an IAM user to query all of their own permanent access keys.
Creating a Virtual MFA Device Function This API is provided for IAM users to create a virtual MFA device. The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
A token is an access credential issued to an IAM user to bear its identity and permissions. When calling the APIs of IAM or other cloud services, you can use this API to obtain a user token for authentication.
Only the following users can use IAM: Account administrator (with full permissions for all services, including IAM) IAM users added to the admin group (with full permissions for all services, including IAM) IAM users assigned the Security Administrator role or an xxx FullAccess policy
Basic Concepts Permission By default, IAM users do not have permissions. To assign permissions to IAM users, add them to one or more groups, and attach policies or roles to these groups.
For example, if a user or user group has the IAM ReadOnlyAccess permission, the user or user group only has the read-only permission on IAM service data. IAM also supports custom policies to assign IAM service permissions.
