检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
For example, if an IAM user wants to query ECSs using an API, the user must have been granted permissions that allow the ecs:servers:list action. Supported Actions IAM provides system-defined policies that can be directly used.
Permission name: For example, if you set this parameter to ECS FullAccess, information about the permission will be returned.
Table 1 Critical operations defined by cloud services Service Category Service Critical Operation Compute Elastic Cloud Server (ECS) Stopping, restarting, or deleting an ECS Resetting the password for logging in to an ECS Detaching a disk Unbinding an EIP Bare Metal Server (BMS) Stopping
NOTE: Format: Service name:Resource type:Action, for example, vpc:ports:create Service name: indicates the service name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and actions are not case-sensitive.
When an IAM user granted only ECS permissions accesses other services, a message similar to the following will be displayed. Figure 7 No permissions Copyright © Huawei Technologies Co., Ltd.
√: supported; x: not supported Compute Service Scope Console API Agency Policy Enterprise Project Elastic Cloud Server (ECS) Specific regions √ √ √ √ √ Bare Metal Server (BMS) Specific regions √ √ √ √ √ Auto Scaling (AS) Specific regions √ √ x √ √ Cloud Phone Host (CPH) Specific
permissions for all services, including IAM) IAM users assigned the Security Administrator permissions (with permissions to access IAM) Authorization Authorization is the process of using policies to grant IAM users permissions required to perform specific tasks, such as managing ECS
Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
Region-specific projects Computing O&M ECS FullAccess Administrator permissions for ECS. Region-specific projects CCE FullAccess Administrator permissions for Cloud Container Engine (CCE).
Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
NOTE: Format: Service name:Resource type:Action, for example, vpc:ports:create Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and actions are not case-sensitive.
Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
NOTE: Format: Service name:Resource type:Action, for example, vpc:ports:create Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and actions are not case-sensitive.
NOTE: Format: Service name:Resource type:Action, for example, vpc:ports:create Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and actions are not case-sensitive.
NOTE: Format: Service name:Resource type:Action, for example, vpc:ports:create Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and actions are not case-sensitive.
Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations. Effect Yes String Effect of the permission.
Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and operations are not case-sensitive. You can use an asterisk (*) to represent all operations.
NOTE: Format: Service name:Resource type:Action, for example, vpc:ports:create Service name: indicates the product name, such as ecs, evs, or vpc. Only lowercase letters are allowed. Resource types and actions are not case-sensitive.