检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Identity Authentication and Access Control Identity and Access Management (IAM) provides refined permissions management for HSS resources. You can: Create IAM users for employees based on the organizational structure of your enterprise.
If your Huawei Cloud account does not require individual IAM users for permissions management, skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see What Is IAM?
IAM permissions define which actions on your cloud resources are allowed or denied. After creating an IAM user, the administrator needs to add it to a user group and grant the permissions required by VPC to the user group.
You can use your account to create IAM users and assign permissions to the IAM users to control their access to specific resources. IAM permissions define which actions on your cloud resources are allowed or denied.
With IAM, you can create IAM users, and assign permissions to control their access to specific resources.
Use the mounted OpenID Connect ID token file in programs in the pod to access IAM and obtain a temporary IAM token. Access the cloud service using the IAM token in programs in the pod.
Use the mounted OpenID Connect ID token file in programs in the pod to access IAM and obtain a temporary IAM token. Access the cloud service using the IAM token in programs in the pod.
Check whether your account is an IAM user account. If yes, perform operations on the IAM console as the Huawei Cloud account user to authorize you the VPC operation permissions. Ensure that your account has the VPC Administrator, Tenant Guest, and VPN Administrator permissions.
When an IAM user initiates a request, this parameter value is the ID of the account where the IAM user belongs. When an anonymous user initiates a request, this parameter value is Anonymous.
DSC Permissions and Supported Actions This section describes how to use IAM for fine-grained DSC permissions management. If your Huawei Cloud account does not need individual IAM users, skip over this section. By default, new IAM users do not have any permissions.
Create an IAM user and add it to the created user group. Create a user on the IAM console and add it to the user group created in 1. Log in as the IAM user and verify permissions.
Only the following users can use IAM: Account administrator (with full permissions for all services, including IAM) IAM users added to the admin group (with full permissions for all services, including IAM) IAM users assigned the Security Administrator role or an xxx FullAccess policy
Applicable Scenario This rule allows you to ensure that only intended permissions are assigned to an IAM user, a user group, or an IAM agency. For more details, see Grant Least Privilege.
Introduction You can use IAM to implement fine-grained permissions management for your Huawei HiLens resources. If your HUAWEI CLOUD account does not need individual IAM users, then you may skip this chapter. By default, new IAM users do not have permissions assigned.
Policies that contain actions only for IAM projects can be used and applied to IAM only. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.
Create a user group on the IAM console, and assign the FunctionGraph Invoker role to the group. Create an IAM user and add it to the user group. Create a user on the IAM console and add the user to the group created in 1.
IAM or enterprise projects on which actions take effect. Policies that contain actions supporting both IAM and enterprise projects can be used and take effect in both IAM and Enterprise Management.
You can use IAM to control access to your TMS resources. IAM permissions define which actions on your cloud resources are allowed or denied.
You can use IAM to control access to your EPS resources. IAM permissions define which actions on your cloud resources are allowed or denied.
Policies that contain actions for both IAM and enterprise projects can be used and take effect for both IAM and Enterprise Management. Policies that contain actions only for IAM projects can be used and applied to IAM only.
