检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Functions Managing tag policies You can create, update, delete, attach, or detach tag policies. OUs and accounts inherit tag policies from one or more of their parent nodes (such as parent OUs).
with a few clicks. read instance* g:EnterpriseProjectId g:ResourceTag/<tag-key> bms:servers:showWindowsBaremetalServerPwd Grants permission to obtain Windows BMS passwords. read instance* g:EnterpriseProjectId g:ResourceTag/<tag-key> bms:servers:deletePassword Grants permission to delete
Grants the permission to delete a certificate. write cert * g:ResourceTag/<tag-key> - g:EnterpriseProjectId scm:cert:apply Grants the permission to request a certificate. write cert * g:ResourceTag/<tag-key> - g:EnterpriseProjectId scm:cert:revoke Grants the permission to revoke
If you want to close the management account, you have to delete your organization. For details, see Deleting an Organization. Once your request to close an account is submitted, data in the account will start to be deleted and cannot be restored. This operation cannot be undone.
cluster:updateClusterName Grants permission to rename a cluster. write mrs:<region>:<account-id>:cluster:<cluster-id> g:EnterpriseProjectId mrs:cluster:listTags Grants permission to query cluster tags. list - g:EnterpriseProjectId mrs:cluster:updateTags Grants permission to add or delete
For example, you use the management account to create two IAM users, and assign one of them the permissions to create and delete OUs while the other one only the permission to view information about OUs.
permission to delete reports. write - g:EnterpriseProjectId hss:wtp:deleteTimingOffConfigInfo Grants permission to delete the configuration of scheduled protection disabling. write host * g:EnterpriseProjectId hss:wtp:deleteWtpBackupHostInfo Grants permission to delete the remote
The following is an example of a deny policy: { "Version": "5.0", "Statement": [ { "Effect": "Deny", "Action": [ "organizations:ous:delete",
Grants permission to update the status of members who can use shared images. write image * - ims:images:addMember Grants permission to add a tenant that can use a shared image. write image * g:EnterpriseProjectId g:ResourceTag/<tag-key> ims:images:deleteMember Grants permission to delete
Table 2 Actions and dependencies supported by DRS APIs API Action Dependencies DELETE /v3/{project_id}/jobs/batch-jobs drs:migrationJoAb:batchDeleteJobs - DELETE /v5/{project_id}/jdbc-drivers drs::deleteDriver - DELETE /v5/{project_id}/jobs drs:migrationJob:batchDeleteJob - DELETE
Check whether the service-linked agency already exists. 400 Organizations.2003 Bad request for delete service linked agency. Failed to delete the service-linked delegated administrator.
Table 1 System-defined permissions for Organizations Role/Policy Name Description Type Dependencies Organizations FullAccess Users with these permissions can create, modify, delete, and view any information about Organizations.
and agencies from making changes to resource shares created in all accounts in your organization except for specified accounts. { "Version": "5.0", "Statement": [ { "Effect": "Deny", "Action": [ "ram:resourceShares:update", "ram:resourceShares:delete
provided list or with a specified state. read - g:TagKeys ram:resourceShares:update Grants permission to update the attributes of a resource share. write resourceShare * g:ResourceTag/<tag-key> ram:AllowExternalPrincipals - ram:RequestedAllowExternalPrincipals ram:resourceShares:delete
You can use this operator to effectively lock the values defined in a parent policy so that the child policies cannot add, append, or delete those values. Parent topic: Managing Tag Policies
Write instance * g:EnterpriseProjectId g:ResourceTag/tag-key - cbh:instance:deleteInstance Grants the permission to delete a faulty CBH instance.
Disabling automatic renewal for yearly/monthly resources DELETE /v2/orders/subscriptions/resources/autorenew/{resource_id} billing:subscription:renew Grants the permission to place orders, cancel orders, and modify recipient information.
Table 2 Actions and dependencies supported by CDN APIs API Action Dependencies GET /v1.0/cdn/domains cdn:configuration:queryDomainList - POST /v1.0/cdn/domains cdn:configuration:createDomains - DELETE /v1.0/cdn/domains/{domain_id} cdn:configuration:deleteDomains - PUT /v1.0/cdn/domains
ou-qqq/ou-*" } } }] } g:ResourceTag/<tag-key> For example, the following policy prevents users from modifying resource shares tagged with {"team": "engineering"}. { "Version": "5.0", "Statement": [ { "Effect": "Deny", "Action": [ "ram:resourceShares:delete
