检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
To ensure that the IAM user permissions are normal, the user group to which the IAM user belongs must be assigned the DAYU User or DAYU Administrator role on the IAM console.
Creating a Virtual MFA Device Function This API is provided for IAM users to create a virtual MFA device. The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.
To grant an IAM user permission to access dependent cloud services of SWR, you must have the IAM role Security Administrator. Fine-grained HSS Authorization Log in to the management console.
If an IAM user is required to grant cluster namespace permissions to other users or user groups, the user must have the IAM read-only permission.
Check whether your account is an IAM account. Ensure that your IAM account has the VPN FullAccess permission. For details, see Creating a User Group and Assigning Permissions and Adding Users to or Removing Users from a User Group. Parent topic: Account Permissions
Creating an Enterprise Project Create user group Test_EPS and IAM user Test_EPS_User, and add the IAM user to the user group. Then create enterprise project Test_EPS_Project. For details, see Getting Started with Enterprise Management.
Error Reported When a DB Instance Is Purchased Scenario When an IAM user purchases an RDS DB instance, an error message is displayed, indicating that the user is not granted the IAM agency permission.
Applicable Scenario This rule helps you identify idle IAM users to improve account security Solution You can use noncompliant IAM users to log in to Huawei Cloud console or delete these users as needed. For more details, see Logging In as an IAM User and Deleting an IAM User.
IAM Functions Permissions Parent Topic: Security
It works with Identity and Access Management (IAM) to provide a variety of authorization methods, including IAM fine-grained authorization, IAM token authorization, namespace authorization, and resource authorization in namespaces.
Figure 9 Manage User Select the IAM user you want to add to the user group and click OK.
IAM Functions Permissions Parent topic: Security
Create an IAM user. Create a user on the IAM console and add it to the group created in 1. Log in as the IAM user and verify permissions. After you log in to the Cloud Eye management console as the created user, verify that the user has the CES Administrator permissions.
You can use IAM to control cloud resource access and prevents misoperations on cloud resources. This section describes how to configure the read-only permission for an IAM user.
For details about the differences between IAM and enterprise projects, see What Are the Differences Between IAM and Enterprise Management?
IAM user: Select an IAM user and configure an agency for the IAM user. Figure 1 Selecting an IAM user Federated user: Enter the username or user ID of the target federated user. Figure 2 Selecting a federated user Agency: Select an agency name.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
CDM can be shared with IAM users of the same tenant through authorization. To authorize an IAM user, perform the following steps: Create a user group and assign permissions Create a user group on the IAM console, and attach the CDM ReadOnlyAccess policy to the group.
A token is an access credential issued to an IAM user to bear its identity and permissions. When calling the APIs of IAM or other cloud services, you can use this API to obtain a user token for authentication.
CDM can be shared with IAM users of the same tenant through authorization. To authorize an IAM user, perform the following steps: Create a user group and assign permissions Create a user group on the IAM console, and attach the CDM ReadOnlyAccess policy to the group.
