The differences between performing ABAC on IAM Identity Center and on external identity providers are as follows: IAM Identity Center: You need to add the attributes for performing ABAC on the Access Control Attributes tab of IAM Identity Center.
Functions. Centralized Identity Management: IAM Identity Center allows you to create and manage users and groups as identities. With login credentials, your users can then manage their own access to multiple Huawei Cloud accounts from a single user portal.
Obtaining Access Control Attributes for a Specified Instance. Function: This API is used to return a list of IAM Identity Center identity source attributes that have been configured to be used with attribute-based access control (ABAC) of a specified IAM Identity Center instance.
If you use an external identity provider as the identity source, you can configure user attributes for performing ABAC in both IAM Identity Center and the external identity provider.
Billing: IAM Identity Center is a free service. You only need to pay for the cloud services and resources used in your accounts. For details about the billing for using resources, see the billing description for each resource.
Before calling IAM Identity Center through an API, ensure that you are familiar with IAM concepts. For details, see What Is IAM Identity Center?.
For example, if you enter the IAM console URL, users will access the IAM console after login. Description: Description of a permission set.
In this case, you can manually provision users and groups through the IAM Identity Center console. When you add users to IAM Identity Center, ensure that the username is the same as that in your IdP.
On the Identity Source tab, click Change to IAM Identity Center in the Identity Source row. (Figure 4: Changing to IAM Identity Center.) Review and confirm the change.
Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center. Choose Settings in the navigation pane. Click the Authentication tab.
Before using IAM Identity Center, you must enable the Organizations service and create an organization. Then, you can log in to IAM Identity Center using the organization's management account.
Currently, you can only associate IAM Identity Center users/groups and permission sets with member accounts in your organization, rather than organizational units (OUs) or the whole organization.
Associating Accounts with Users and Permission Sets: After IAM Identity Center users/groups and permission sets are created, you can associate one or more member accounts in your organization with the created users/groups and permission sets.
Querying Details about the Account Assignment Creation Status. Function: This API is used to query details about the account assignment creation status of a specified IAM Identity Center instance based on the request ID.
Querying Details about the Account Assignment Deletion Status. Function: This API is used to query details about the account assignment deletion status of a specified IAM Identity Center instance based on the request ID.
Creating Permissions Policies for ABAC. Overview: After you add tags to resources and enable and configure access control attributes in IAM Identity Center, you need to add attribute-based access control rules to custom identity policies of the permission set.
Disabling Access Control Attributes for a Specified Instance. Function: This API is used to disable ABAC for a specified IAM Identity Center instance and delete all configured attribute mappings.
Listing Account Assignment Creation Statuses. Function: This API is used to list the account assignment creation statuses of a specified IAM Identity Center instance.