检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
What Are the Differences Between IAM Users and Enterprise Member Accounts? IAM Users IAM users are created using an account in IAM or Enterprise Management (User Management page). They are managed and granted permissions by the account.
How Do I View an Account ID and IAM User ID? Use your IAM account to log in to Huawei Cloud. In the upper right corner of the page, click Console. The HUAWEI CLOUD management console is displayed.
Resource isolation IAM allows you to create multiple projects in a region for resource isolation. An IAM project can contain resources of only one region.
IAM is an identity management service that provides identity authentication, permissions management, and access control. You can use both IAM and Enterprise Management to manage users and access permissions.
How Do I Grant Some CDN Permissions to IAM Users? You can use IAM to implement fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your Huawei Cloud resources.
An example is given as follows: obs:*:*:object:my-bucket/my-object/* (indicating any object in the my-object directory of bucket my-bucket) Parent Topic: Configuring IAM Permissions
Figure 1 Modifying permissions in IAM On the IAM console, choose Agencies from the navigation pane on the left, and choose Permissions > Authorize. Search for IAM ReadOnlyAccess, enable it, and click Next and OK. Figure 2 IAM ReadOnlyAccess Verify that the permission is granted.
How Do I Create an IAM Agency? Scenarios During cross-region image replication, an agency is required to verify cloud service permissions in the destination region. So, create a cloud service agency before the replication.
Rule Logic If an IAM user has any directly assigned policies or permissions, the IAM user is noncompliant. If an IAM user does not have directly assigned policies or permissions, the IAM user is compliant. Parent topic: Identity and Access Management
CTS records all operations performed on IAM, such as creating users and user groups. Table 1 shows the IAM operations that can be recorded by CTS.
Creating IAM Users and Granting Them Permissions to Use CSS You can use Identity and Access Management (IAM) for fine-grained permissions control for CSS. With IAM, you can: Create IAM users for employees based on your enterprise's organizational structure.
With this rule, you can detect IAM policies that allow blocked actions on KMS keys to prevent unintended data encryption and decryption. Solution You can modify noncompliant IAM policies based on the evaluation results.
After you agree to the authorization, IoTDA creates an agency named iotda_admin_trust in IAM, after the authorization is successful, you can view the created agency in the agency list on the IAM console. Parent topic: Granting Permissions Using IAM
IAM Users, Project Members, and Repository Members Repository members come from project members of the project to which the repository belongs. Project members mainly come from IAM users of tenants.
Replace {user_name} and {password} respectively with the username and password of the IAM server. {project_id}: The project ID.
X-Auth-Token No String IAM user token, federated user token, or agency token. Specify either X-Auth-Token or Authorization (recommended). You can obtain the token from X-Subject-Token by calling the API for obtaining an IAM user token or agency token.
Updating the Mapping Between a User (Group) and an IAM Agency Function This API is used to update the mapping between a user or user group and an IAM agency. Constraints None Debugging You can debug this API in API Explorer. Automatic authentication is supported.
Granting Permissions Using IAM Agency Authorization
Querying the Mapping Between a User (Group) and an IAM Agency Function This API is used to obtain details about the mapping between a user or user group and an IAM agency. Constraints None Debugging You can debug this API in API Explorer. Automatic authentication is supported.
Parent topic: IAM User Management
