检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Create a user group on the IAM console, and assign the IEF ReadOnlyAccess policy to the group.
IAM is free to use, and you only need to pay for the resources in your account. For more information about IAM, see IAM Service Overview. If your Huawei Cloud account does not need individual IAM users for permissions management, skip over this section.
Create a user group on the IAM console, and assign the IEF ReadOnlyAccess policy to the group.
IAM authentication is not required for running kubectl commands. Therefore, you can run kubectl commands without configuring cluster management (IAM) permissions. However, you need to obtain the kubectl configuration file (kubeconfig) with the namespace permissions.
IAM authentication is not required for running kubectl commands. Therefore, you can run kubectl commands without configuring cluster management (IAM) permissions.
Identity Authentication and Access Control Identity and Access Management (IAM) provides refined permissions management for HSS resources. You can: Create IAM users for employees based on the organizational structure of your enterprise.
If your Huawei Cloud account does not require individual IAM users for permissions management, skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see What Is IAM?
IAM permissions define which actions on your cloud resources are allowed or denied. After creating an IAM user, the administrator needs to add it to a user group and grant the permissions required by VPC to the user group.
You can use your account to create IAM users and assign permissions to the IAM users to control their access to specific resources. IAM permissions define which actions on your cloud resources are allowed or denied.
With IAM, you can create IAM users, and assign permissions to control their access to specific resources.
Use the mounted OpenID Connect ID token file in programs in the pod to access IAM and obtain a temporary IAM token. Access the cloud service using the IAM token in programs in the pod.
Check whether your account is an IAM user account. If yes, perform operations on the IAM console as the Huawei Cloud account user to authorize you the VPC operation permissions. Ensure that your account has the VPC Administrator, Tenant Guest, and VPN Administrator permissions.
DSC Permissions and Supported Actions This section describes how to use IAM for fine-grained DSC permissions management. If your Huawei Cloud account does not need individual IAM users, skip over this section. By default, new IAM users do not have any permissions.
Only the following users can use IAM: Account administrator (with full permissions for all services, including IAM) IAM users added to the admin group (with full permissions for all services, including IAM) IAM users assigned the Security Administrator role or an xxx FullAccess policy
To access OBS using access keys as an IAM user, the programmatic access must be enabled by the account. For details, see Viewing or Modifying IAM User Information. To access OBS in the EU-Dublin region, contact the administrator to obtain an access key pair.
Applicable Scenario This rule allows you to ensure that only intended permissions are assigned to an IAM user, a user group, or an IAM agency. For more details, see Grant Least Privilege.
Introduction You can use IAM to implement fine-grained permissions management for your Huawei HiLens resources. If your HUAWEI CLOUD account does not need individual IAM users, then you may skip this chapter. By default, new IAM users do not have permissions assigned.
Policies that contain actions only for IAM projects can be used and applied to IAM only. For details about the differences between IAM and enterprise management, see Differences Between IAM and Enterprise Management.
You can use IAM to control access to your EPS resources. IAM permissions define which actions on your cloud resources are allowed or denied.
You can use IAM to control access to your TMS resources. IAM permissions define which actions on your cloud resources are allowed or denied.
