检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
figure shows the permissions management flow of a new IAM user.
ReadOnlyAccess permissions (read-only permissions on IAM) to IAM users to obtain the IAM user list.
Use actual values in the bold fields. accountid indicates the account ID of the IAM user. username indicates the username of the IAM user to be created. email indicates the email of the IAM user. ********** indicates the password of the IAM user.
Use actual values in the bold fields. accountid indicates the account ID of the IAM user. username indicates the username of the IAM user to be created. email indicates the email of the IAM user. ********** indicates the password of the IAM user.
Use actual values in the bold fields. accountid indicates the account ID of the IAM user. username indicates the username of the IAM user to be created. email indicates the email of the IAM user. ********** indicates the password of the IAM user.
Tag iam Trigger Type Configuration change Filter Type iam.roles, iam.policies Configure Rule Parameters None Applicable Scenario This rule allows you to ensure that your IAM users or agencies do not have unintended permissions attached.
Querying Permanent Access Keys Function This API can be used by the administrator to query all permanent access key of an IAM user or used by an IAM user to query all of their own permanent access keys.
Replace the italic fields in bold with the actual values. accountid: account ID of the IAM user username: IAM username to be created email: email address of the IAM user **********: password of the IAM user POST https://iam.ap-southeast-1.myhuaweicloud.com/v3.0/OS-USER/users Content-Type
Step 3 Configuring Agent-based ModelArts Access Authorization After assigning IAM permissions, configure ModelArts access authorization for IAM users on the ModelArts page so that ModelArts can access dependent services such as OBS, SWR, and IEF.
For details, see Step 2: Create IAM Users and Log In. Access Control Permissions control You can use IAM to assign different permissions to different employees in your enterprise to access your instance resources. For details about DRS permissions, see Permissions Management.
To ensure that the IAM user permissions are normal, the user group to which the IAM user belongs must be assigned the DAYU User or DAYU Administrator role on the IAM console.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
Creating a Virtual MFA Device Function This API is provided for IAM users to create a virtual MFA device. The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
To grant an IAM user permission to access dependent cloud services of SWR, you must have the IAM role Security Administrator. Fine-grained HSS Authorization Log in to the management console.
Check whether your account is an IAM account. Ensure that your IAM account has the VPN FullAccess permission. For details, see Creating a User Group and Assigning Permissions and Adding Users to or Removing Users from a User Group. Parent topic: Account Permissions
If an IAM user is required to grant cluster namespace permissions to other users or user groups, the user must have the IAM read-only permission.
Creating an Enterprise Project Create user group Test_EPS and IAM user Test_EPS_User, and add the IAM user to the user group. Then create enterprise project Test_EPS_Project. For details, see Getting Started with Enterprise Management.
Error Reported When a DB Instance Is Purchased Scenario When an IAM user purchases an RDS DB instance, an error message is displayed, indicating that the user is not granted the IAM agency permission.
Error Reported When a DB Instance Is Purchased Scenario When an IAM user purchases an RDS DB instance, an error message is displayed, indicating that the user is not granted the IAM agency permission.
Applicable Scenario This rule helps you identify idle IAM users to improve account security Solution You can use noncompliant IAM users to log in to Huawei Cloud console or delete these users as needed. For more details, see Logging In as an IAM User and Deleting an IAM User.
