检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
You can create an IAM user or user group on the IAM console and grant it specific operation permissions, to perform refined management on Huawei Cloud. For details, see Creating a User and Granting TaurusDB Permissions. Your account balance is not below zero.
Table 1 MRS resources and their paths Resource Name Path cluster Cluster [Format] MRS:*:*:cluster:Cluster ID [Description] Grant permissions on a specific resource to an IAM user.
You can go to the IAM console and use either of the following methods to grant permissions: Method 1: Grant the DEW KeypairFullAccess permission (full permissions for KPS) to the agent installation account.
Request Parameters Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token, which is obtained by calling the IAM API for obtaining a user token (value of X-Subject-Token in the response header).
Request Parameters Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token, which is obtained by calling the IAM API for obtaining a user token (value of X-Subject-Token in the response header).
Request Parameters Table 3 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token, which is obtained by calling the IAM API for obtaining a user token (value of X-Subject-Token in the response header).
Options: reject: rejected resolve: approved Request Parameters Table 3 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String IAM token, which is obtained by calling the IAM API for obtaining a user token (value of X-Subject-Token in the response header
Restrictions To download an object, you must be the bucket owner or have the required permission (obs:object:GetObject in IAM or GetObject in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
Restrictions To download an object, you must be the bucket owner or have the required permission (obs:object:GetObject in IAM or GetObject in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
Restrictions To download an object, you must be the bucket owner or have the required permission (obs:object:GetObject in IAM or GetObject in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
Restrictions To download an object, you must be the bucket owner or have the required permission (obs:object:GetObject in IAM or GetObject in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
Restrictions To download an object, you must be the bucket owner or have the required permission (obs:object:GetObject in IAM or GetObject in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
To configure an ACL for a bucket, you must be the bucket owner or have the required permission (obs:bucket:PutBucketAcl in IAM or PutBucketAcl in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Creating a Custom Bucket Policy.
Restrictions To configure an object ACL, you must be the bucket owner or have the required permission (obs:object:PutObjectAcl in IAM or PutObjectAcl in a bucket policy). For details, see Introduction to OBS Access Control, IAM Custom Policies, and Configuring an Object Policy.
or How Do I Create an AK/SK Pair for an IAM User? SMS does not support AK/SK-based authentication for federated users (virtual users). Ensure that the source server OS is supported by SMS. See Supported Windows OSs.
Restrictions To list objects in a PFS, you must be the PFS owner or have the required permission (obs:bucket:ListBucket in IAM or ListBucket in a policy). IAM is recommended for granting permissions. For details, see IAM Custom Policies.
After an account is granted permissions, both the account and its IAM users can access the resources. If an object is encrypted with SSE-KMS, the ACL configured for it is not in effect in the cross-tenant case. For more information, see ACLs.
It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token.
ecs:cloudServers:createServers eip:publicIps:create eip:publicIps:associateInstance iam:agencies:pass eip:bandwidths:insertPublicIps POST /v1/{project_id}/cloudservers/delete ecs:cloudServers:deleteServers - POST /v1.1/{project_id}/cloudservers/{server_id}/resize ecs:cloudServers
IAM: Requests for the API will be authenticated by Identity and Access Management (IAM). Custom: Requests for the API will be authenticated by using your own authentication system or service (for example, an OAuth-based authentication system).
