检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Parent topic: Granting Permissions to IAM Users
What Should I Do If the Organization and Account Information Is Unavailable to an IAM User? By default, IAM users can view the organization and account information in Enterprise Center.
Creating a User and Granting ECS Permissions Use IAM to implement fine-grained permissions control over your ECSs. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
After creating a user group on the IAM console, grant the custom policy created in 1 to the user group. Create a user on the IAM console and add the user to the group created in 3.
IAM is free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview. Huawei HiLens Permissions By default, new IAM users do not have any permissions assigned.
What Do I Do If I Cannot Enable CTS as an IAM User? Issue Description If you fail to enable CTS as an Identity and Access Management (IAM) user, perform the following steps. Procedure Check whether the IAM user has the required permission. If yes, go to 2.
How Do I Limit Specific Enterprise Projects to Different IAM Users? Background There are two IAM users, User B and User C, and two enterprise projects, EnterpriseProjectB and EnterpriseProjectC, in your account.
This capability depends on the new IAM, requiring you to adopt the IAM 5.0 permission model. Exercise caution when selecting this capability.
AAD Permissions and Actions This section describes how to use IAM for fine-grained AAD permissions management. If your Huawei Cloud account does not need individual IAM users, skip this section. By default, new IAM users do not have permissions assigned.
Parent topic: Using IAM to Grant Access to RDS
IAM Access Analyzer Identity Policy-based Authorization Reference IAM provides system-defined identity policies to define typical cloud service permissions.
Using Tags to Control Access to IAM Users and Trust Agencies Tags can be attached to IAM resources or the principals that are making the request, or passed in the request. An IAM user or trust agency can be both a resource and principal.
Querying All Identity Policies Attached to a Specified IAM User Function This API is used to query all identity policies attached to a specified IAM User.
Parent topic: Calling APIs Through IAM Authentication
"Action": [ "hss:hosts:switchVersion", "hss:hosts:manualDetect", "hss:manualDetectStatus:get" ] } ] } Parent Topic: Using IAM
"cce:cluster:get", "cce:cluster:list", "cce:node:get", "cce:node:list" ] } ] } Parent Topic: Using IAM
The following is an example deny policy: { "Version": "1.1", "Statement": [{ "Action": ["rds:instance:delete"], "Effect": "Deny" }] } Parent topic: Using IAM to Grant Access to RDS
following is an example of a deny policy: { "Version": "1.1", "Statement": [ { "Effect": "Deny", "Action": [ "ecs:cloudServers:delete" ] } ] } Parent Topic: Using IAM
The following is an example deny policy: { "Version": "1.1", "Statement": [ { "Effect": "Deny", "Action": [ "ims:images:delete" ] } ] } Parent topic: Using IAM to Grant Access to IMS
"Effect": "Allow", "Action": [ "vpc:ports:get", "vpc:securityGroups:get", "vpc:subNetworkInterfaces:list" " ] } ] } Parent Topic: Using IAM
