检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Permissions Management You can use Identity and Access Management (IAM) for fine-grained permissions control for your CTS. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
With IAM, you can: Use your account to create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials for accessing CodeArts resources.
Create a user group on the IAM console, and attach the CBH ReadOnlyAccess policy to the group. Creating an IAM User. Create a user on the IAM console and add the user to the group created in 1. Log in and verify permissions.
Identity Authentication and Access Control Identity Authentication IAM users of the current tenant access LakeFormation on the console. LakeFormation authenticates IAM tokens in HTTPS requests delivered by the console to identify tenants and IAM users.
Identity authentication Configure IAM or App authentication for APIs to prevent malicious calling. Access control policies Configure a whitelist or blacklist of IP addresses/IP address ranges or accounts for APIs to secure access.
The descriptions below are about granting required permissions to IAM users under an account. Granting Required Permissions to IAM Users Log in to the IAM console as the account administrator and assign the following permissions to IAM users.
"iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:permissions:revokeRoleFromAgencyOnDomain", "iam:permissions:revokeRoleFromAgencyOnProject", "iam:roles:createRole",
The fees generated by IAM users when operating resources are uniformly charged to the account, and IAM users do not need to pay for resources. An account can be used to create IAM users and assign permissions to the IAM users.
When calling APIs of IAM and other cloud services, you can use this system keyword to obtain an IAM user token. Parameter Description Parameter Mandatory Type Default Value Description IAM Token URL Yes String https://iam.myhuaweicloud.com/v3/auth/tokens IAM endpoint.
IAM implements security design for each identity credential to protect user data and enable users to access IAM more securely. For details, see Table 1.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.
For example, if you want to create an IAM user, use the endpoint of any region because IAM is a global service.
All regions Creating an IAM User Assigning Permissions to an IAM User Logging In as an IAM User OBS 2.0 Supported User Group Management User groups are used to assign permissions to IAM users. By default, new IAM users do not have any permissions assigned.
Risk level High Key strategies Enable MFA-based login for accounts and IAM administrators (IAM users with administrator permissions) to prevent risks caused by login credential leakage.
Create a user group on the IAM console, and assign MTD permissions to the group. Create an IAM user and add it to the user group. Create a user on the IAM console and add the user to the group created in 1. Create a custom policy. Create a custom policy.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
IAM is a global service. You can create an IAM user using the endpoint of IAM in any region.
