检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Policies that only contain actions for IAM projects can be used and only take effect for IAM. For the differences between IAM and enterprise projects, see Differences Between IAM and Enterprise Management.
This section describes how to create a user group and IAM users and add the IAM users to the user group.
Figure 5 Specifying the scope Step 2: Create an IAM User IAM users can be created for employees or applications of an enterprise. Each IAM user has their own security credentials, and inherits permissions from the groups it is a member of.
Create a user group on the IAM console, and assign the DSC FullAccess permissions to the group. Creating an IAM User. Create a user on the IAM console and add it to the group created in 1. Logging In as an IAM User and verify permissions.
Overview Scenario EPS supports resource management using IAM users. You can grant IAM users different permissions to ensure controlled and secure resource access.
With IAM, you can: Create IAM users for employees based on the organizational structure of your enterprise. Each IAM user has their own security credentials, providing access to CGS resources. Grant only the permissions required for users to perform a task.
ReadOnlyAccess permissions (read-only permissions on IAM) to IAM users to obtain the IAM user list.
Otherwise, contact the IAM account administrator to grant your IAM account this permission.
figure shows the permissions management flow of a new IAM user.
Use actual values in the bold fields. accountid indicates the account ID of the IAM user. username indicates the username of the IAM user to be created. email indicates the email of the IAM user. ********** indicates the password of the IAM user.
Use actual values in the bold fields. accountid indicates the account ID of the IAM user. username indicates the username of the IAM user to be created. email indicates the email of the IAM user. ********** indicates the password of the IAM user.
Use actual values in the bold fields. accountid indicates the account ID of the IAM user. username indicates the username of the IAM user to be created. email indicates the email of the IAM user. ********** indicates the password of the IAM user.
Tag iam Trigger Type Configuration change Filter Type iam.roles, iam.policies Configure Rule Parameters None Applicable Scenario This rule allows you to ensure that your IAM users or agencies do not have unintended permissions attached.
Querying Permanent Access Keys Function This API can be used by the administrator to query all permanent access key of an IAM user or used by an IAM user to query all of their own permanent access keys.
Replace the italic fields in bold with the actual values. accountid: account ID of the IAM user username: IAM username to be created email: email address of the IAM user **********: password of the IAM user POST https://iam.ap-southeast-1.myhuaweicloud.com/v3.0/OS-USER/users Content-Type
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Step 3 Configuring Agent-based ModelArts Access Authorization After assigning IAM permissions, configure ModelArts access authorization for IAM users on the ModelArts page so that ModelArts can access dependent services such as OBS, SWR, and IEF.
For details, see Step 2: Create IAM Users and Log In. Access Control Permissions control You can use IAM to assign different permissions to different employees in your enterprise to access your instance resources. For details about DRS permissions, see Permissions Management.
To ensure that the IAM user permissions are normal, the user group to which the IAM user belongs must be assigned the DAYU User or DAYU Administrator role on the IAM console.
Creating a Virtual MFA Device Function This API is provided for IAM users to create a virtual MFA device. The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
