检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
This section describes how to assign the permissions to use cloud services to all IAM users in a user group. On the user group list page of IAM, click Authorize of the target user group. The Authorize User Group page is displayed.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer. URI DELETE /v3/OS-FEDERATION/mappings/{id} Table 1 URI parameters Parameter Mandatory Type Description id Yes String ID of the mapping to be deleted.
If an IAM user does not have sufficient permissions, an agency cannot be automatically created. To solve this problem, assign permissions defined in the Tenant Administrator policy to the IAM user.
For IAM endpoints, see Regions and Endpoints. Debugging You can debug this API in API Explorer.
For details about how to obtain the agency ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
Parent topic: IAM Synchronization
X-Auth-Token Yes String IAM user token (no special permission requirements). Response Parameters Table 3 Parameters in the response body Parameter Type Description service Object Service information.
For details about how to obtain a user group ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
Click Authorize, select the SMS Custom Policy For EPS At IAM policy, and click Next. Select All resources for Scope and click OK.
In the case of a custom policy for agencies, the parameter value should be "Action": ["iam:tokens:assume"]. Effect String Effect of the permission. The value can be Allow or Deny.
Only non-administrator IAM users can be used for installing isap-agent. Make sure the /opt/cloud directory where you install isap-agent and use the collector has at least 100 GB of free disk space.
iam:roles:listRoles, and iam:agencies:pass actions.
Solution You can allow IAM users to access cloud services either using programmatic methods or through the console. Ensure that an IAM user does not have both a password and an access key. Rule Logic If an IAM user is disabled, this user is compliant.
IAM username or email address Enter the IAM username or email address. Obtain the IAM account name from the administrator. IAM user password Enter the initial password provided by the administrator. The organization member needs to change the password upon the first login.
Click in the upper left corner of the page and choose Management & Governance > IAM Identity Center. In the navigation pane, choose Multi-Account Permissions > Permission Sets. View the created permission sets and their details in the list.
Log in to the management console as the IAM user. If resource information is displayed, the IAM user has been successfully assigned the required permissions. Figure 5 My Resources Parent topic: FAQs
Solution You can enable login protection for the noncompliant IAM users. For more details, see Login Protection. Rule Logic If an IAM user is in the disabled state, this user is compliant. If an IAM user that is enabled has MFA enabled, this user is compliant.
This section describes how to use IAM to implement fine-grained permissions control for your VPC resources. With IAM, you can: Create IAM users for personnel based on your enterprise's organizational structure.
If your account does not require individual IAM users for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
Figure 4 Selecting Identity and Access Management Grant the admin or Full Access permission to the IAM user. Once done, the IAM user can view service monitoring data.
