检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Table 3 Dependency policies and roles Console Function Dependent Services Roles or Policies Required OBS authorization Identity and Access Management (IAM) Creating an agency: iam:agencies:createAgency Listing agencies: iam:agencies:listAgencies Querying agency details: iam:agencies
IAM User IAM users can bind a virtual MFA device on the IAM console. The procedure is the same as that for binding a virtual MFA device for a Huawei Cloud account.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see the IAM Service Overview. DCS Permissions By default, new IAM users do not have permissions assigned.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
If your account does not need individual IAM users for permissions management, you can skip this section. IAM is a free service. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview.
IAM account authorization: FunctionGraph can use IAM to grant different function operation permissions to IAM users. Parent Topic: Security
Policies that contain actions supporting both IAM projects and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management.
IAM can be used free of charge. You pay only for the resources in your account. For more information about IAM, see IAM Service Overview. DeH Permissions New IAM users do not have any permissions assigned by default.
IAM can be used free of charge. You pay only for the resources in your account. For more information, see IAM Service Overview. EIP Permissions New IAM users do not have any permissions assigned by default.
With IAM, you can use your Huawei Cloud account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types.
To perform these operations, you need related IAM agencies. The following lists the details. To create IAM agencies, you need the iam:agencies:createAgency and iam:permissions:grantRoleToAgency permissions.
IAM user import Identity and Access Management (IAM) To import IAM users, the IAM ReadOnlyAccess permission is required. Table 3 lists the common operations for each system-defined policy or role of CSE. Select policies or roles as needed.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For details about how to obtain the group name, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.
By integrating IAM permissions with Kubernetes cluster permissions, you can use IAM to oversee Kubernetes resource access for various users.
For example, to obtain the IAM token in the CN North-Beijing1 region, obtain the endpoint of IAM (iam.cn-north-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
For details, see the IAM Product Introduction. Parent topic: Service Overview
Replace the bold fields with the actual values. accountid indicates the ID of the account to which the IAM user belongs. username indicates the IAM username to be created. email indicates the email address of the IAM user. ******** indicates the login password of the IAM user.
For example, to obtain an IAM token in the CN-Hong Kong region, obtain the endpoint of IAM (iam.ap-southeast-1.myhuaweicloud.com) for this region and the resource-path (/v3/auth/tokens) in the URI of the API used to obtain a user token.
If your Huawei Cloud account does not require IAM for permissions management, you can skip this section. IAM is a free service. You only pay for the resources in your account. For more information about IAM, see IAM Service Overview.
